GLPI 11.0.8 was released today as a security release — upgrading is recommended for all environments. This version fixes 16 vulnerabilities, including 2 critical and 8 high severity.
Security highlights
Critical Vulnerabilities
- CVE-2026-48482 — RCE via Form import
- CVE-2026-52848 — MFA bypass
High Vulnerabilities
- CVE-2026-47678 — SQL injection in dropdowns
- CVE-2026-47679 — Arbitrary file deletion
- CVE-2026-49470 — Account takeover via 2FA brute force
- CVE-2026-53625 — Privilege escalation via authtype API
- CVE-2026-53610 — Reflected XSS in dashboards
- CVE-2026-53626 — Arbitrary document read
- CVE-2026-53629 — SQL injection in history tab
- CVE-2026-55214 — Stored XSS in suppliers
Medium Vulnerabilities
Unauthorized debug mode activation, LDAP filter injection, unallowed authentication method update, unexpected API update access, unallowed knowledge base comment modification, and unallowed notification sending.
Docker Images and Helm Chart
We published Docker images and a Helm Chart for both GLPI versions:
| Component | Version |
|---|---|
| GLPI (app) | 11.0.8 |
| GLPI (app) | 10.0.26 |
| Helm Chart | glpi-11.0.8 |
Upgrade via Helm
```bash
helm repo add eftech https://eftechcombr.github.io/glpi/charts
helm repo update
helm upgrade --install glpi eftech/glpi --namespace glpi --version 11.0.8
```
Upgrade via Docker
```bash
docker pull ghcr.io/eftechcombr/glpi:11.0.8
```
This upgrade is especially critical if you use Form import functionality (RCE) or multi-factor authentication (bypass). We recommend upgrading as soon as possible.
At EF-TECH, we offer specialized support for GLPI deployment and maintenance in containers. Contact us to learn more.

