What is CVE-2026-32312?

CVE-2026-32312 is a medium-severity vulnerability in Glpi-project Glpi, classified under Missing Authorization. CVSS score: 4.3/10. Published 2026-05-19.

How severe is CVE-2026-32312?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Auth bypass in Glpi-project Glpi

CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7.

Vulnerability class: Broken Access Control

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Glpi-project Glpi — versions >= 11.0.0, < 11.0.7

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

security-advisories@github.com (x_refsource_MISC, Release Notes)
security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2026-32312?: CVE-2026-32312 is a medium-severity vulnerability in Glpi-project Glpi, classified under Missing Authorization. CVSS score: 4.3/10. Published 2026-05-19.
How severe is CVE-2026-32312?: Medium severity. CVSS v3 base score is 4.3 out of 10.