This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - Medium] Unauthorized debug mode activation (CVE-2026-45801)
- [SECURITY - Medium] LDAP filter injection in user import feature (CVE-2026-49469)
- [SECURITY - Medium] Unallowed authentication method update by administrator (CVE-2026-53628)
- [SECURITY - Medium] Unallowed modification of knowbase items comments and translations (CVE-2026-55217)
- [SECURITY - Medium] Unallowed notifications sending (CVE-2026-57152)
- [SECURITY - High] SQL injection in dropdowns (CVE-2026-47678)
- [SECURITY - High] Arbitrary file deletion (CVE-2026-47679)
- [SECURITY - High] Privilege Escalation via authtype API manipulation (CVE-2026-53625)
- [SECURITY - High] SQL injection in history tab (CVE-2026-53629)
Many bug fixes have also been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.