CVE-2026-26026

CRITICAL

GLPI 11.0.0-11.0.5 Templates - Admin Remote Code Execution


Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-26026. PoCs published by adminlove520, CEAarab.

AI-analyzed exploit summary: This script exploits an authenticated RCE vulnerability in GLPI by leveraging a CSRF token to authenticate as 'glpi/glpi' and then injecting a command via the 'shell_exec' function through a crafted AJAX request. The output is parsed from the response to confirm execution.

Description

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6.

Exploits (2)

github WORKING POC 4 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-26026

This script exploits an authenticated RCE vulnerability in GLPI by leveraging a CSRF token to authenticate as 'glpi/glpi' and then injecting a command via the 'shell_exec' function through a crafted AJAX request. The output is parsed from the response to confirm execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GLPI (version not specified)
Auth required
Prerequisites: valid GLPI instance · default credentials (glpi/glpi) · accessible form ID
devstral-2 · analyzed May 13, 2026

nomisec WORKING POC
by CEAarab · poc
https://github.com/CEAarab/CVE-2026-26026-PoC

This script exploits an authenticated RCE vulnerability in GLPI by leveraging a CSRF token to authenticate as 'glpi/glpi' and then injecting a command via the 'shell_exec' function through a crafted AJAX request. The output is parsed from the response to confirm execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GLPI (version not specified)
Auth required
Prerequisites: valid GLPI instance · default credentials (glpi/glpi) · FORM_ID parameter
devstral-2 · analyzed Apr 23, 2026

Scores

CVSS v3 9.1
EPSS 0.0007
EPSS Percentile 21.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-1336, CWE-94
Status published
Products (2)
glpi-project/glpi 11.0.0 - 11.0.6
glpi-project/glpi >= 11.0.0, < 11.0.6
Published Apr 06, 2026
Tracked Since Apr 06, 2026