This is a security release, upgrading is recommended
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - Critical] Server-Side Template Injection (CVE-2026-26026)
- [SECURITY - High] Stored XSS via Inventory (CVE-2026-26027)
- [SECURITY - High] Unauthenticated SQL Injection via Search engine (CVE-2026-26263)
- [SECURITY - Moderate] MFA bypass (CVE-2026-25937)
- [SECURITY - Moderate] Authenticated SQL Injection (CVE-2026-25936)
- [SECURITY - High] Authenticated SQL Injection (CVE-TODO)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.