SB2026070949 - Missing Authentication for Critical Function in GLPI Inventory plugin
Published: July 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Missing Authentication for Critical Function (CVE-ID: CVE-2026-48728)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to enumerate jobs and manipulate their status.
The vulnerability exists due to missing authentication for critical function in Deploy, Collect, and ESX agent API endpoints when handling requests to job-related API functionality. A remote attacker can send crafted requests to enumerate jobs and manipulate their status.
Remediation
Install update from vendor's website.