{"id":"CVE-2026-22044","summary":"GLPI is Vulnerable to Authenticated SQL Injection","details":"GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.","aliases":["GHSA-569q-j526-w385"],"modified":"2026-04-10T05:38:43.584166Z","published":"2026-02-04T17:15:39.205Z","database_specific":{"cwe_ids":["CWE-89"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22044.json"},"references":[{"type":"WEB","url":"https://github.com/glpi-project/glpi/releases/tag/10.0.23"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22044.json"},{"type":"ADVISORY","url":"https://github.com/glpi-project/glpi/security/advisories/GHSA-569q-j526-w385"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22044"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/glpi-project/glpi","events":[{"introduced":"b094bc0c617761d6e7eee900950f24cea658d560"},{"fixed":"3b860b94fd55dc5a6dbd1c18009adff26a14662f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22044.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}