CVE-2026-13490
glpi-project glpi Document document.send.php canViewFile authorization
Description
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be executed remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure.
INFO
Published Date :
June 28, 2026, 11 a.m.
Last Modified :
June 28, 2026, 11 a.m.
Remotely Exploit :
No
Source :
VulDB
Solution
- Update GLPI to a patched version.
- Apply vendor-provided security updates.
- Review access controls for document viewing.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-13490 vulnerability anywhere in the article.