CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be executed remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure.
Configurations

No configuration.

History

30 Jun 2026, 19:16

Type Values Removed Values Added
References () https://vuldb.com/submit/838225 - () https://vuldb.com/submit/838225 -

28 Jun 2026, 12:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-28 12:17

Updated : 2026-06-30 19:16


NVD link : CVE-2026-13490

Mitre link : CVE-2026-13490

CVE.ORG link : CVE-2026-13490


JSON object : View

Products Affected

No product.

CWE
CWE-285

Improper Authorization

CWE-639

Authorization Bypass Through User-Controlled Key