Description
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be executed remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure.
Published: 2026-06-28
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Document::canViewFile function of the document.send.php handler in GLPI. By manipulating the docid argument, an attacker can bypass the intended permission check and access files that should be protected. The flaw allows remote exploitation, meaning an attacker could conduct the attack from outside the local network. Although the attack is described as having high complexity and difficult exploitability, it nevertheless permits unauthorized viewing of confidential documents, compromising data confidentiality.

Affected Systems

GLPI versions 11.0.5, 11.0.6, and 11.0.7 are affected. In these releases the Document Handler component serves files through front/document.send.php, and the flawed authorization check in Document::canViewFile is applied whenever a user requests a protected document. The vulnerability is specific to the GLPI product from the glpi-project vendor.

Risk and Exploitability

The CVSS score of 6.3 places the vulnerability in the medium severity range. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog, suggesting it is not known to be actively exploited. The attack can be carried out over the network by manipulating a file identifier, but it has high attack complexity and a difficult exploitation path. Consequently, while the overall risk is moderate, the confidentiality impact warrants timely remediation.

Generated by OpenCVE AI on June 28, 2026 at 13:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a GLPI release that fixes the canViewFile authorization check.
  • Verify that user roles and file permissions are correctly configured and restrict file access to only authorized groups.
  • Monitor access logs for unauthorized document access attempts and perform regular permission audits to detect misuse.


Advisories

No advisories yet.

History

Sun, 28 Jun 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description | (none) | A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be executed remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure.
Title | (none) | glpi-project glpi Document document.send.php canViewFile authorization
First Time appeared | (none) | Glpi-project; Glpi-project glpi
Weaknesses | (none) | CWE-285; CWE-639
CPEs | (none) | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
Vendors & Products | (none) | Glpi-project; Glpi-project glpi
References | (none) | (none)
Metrics | (none) | cvssV2_0, cvssV3_0, cvssV3_1, cvssV4_0 (values listed below)

cvssV2_0: {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR'}

cvssV3_0: {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R'}

cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R'}

cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-28T11:00:05.902Z

Reserved: 2026-06-27T15:57:41.272Z

Link: CVE-2026-13490

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-28T15:30:07Z

Weaknesses
  • CWE-285: Improper Authorization
  • CWE-639: Authorization Bypass Through User-Controlled Key