Missing Authentication for Critical Function in GLPI Inventory plugin - CVE-2026-48728
Published: July 9, 2026
GLPI Inventory plugin
Detailed vulnerability description
The vulnerability allows a remote attacker to enumerate jobs and manipulate their status.
The vulnerability exists due to missing authentication for critical function in Deploy, Collect, and ESX agent API endpoints when handling requests to job-related API functionality. A remote attacker can send crafted requests to enumerate jobs and manipulate their status.