Cyber Posture

CVE-2026-22247

Medium

Published: 04 February 2026
Modified: 06 February 2026
KEV Added: not listed
Patch: fixed in GLPI 11.0.5
CVSS Score: 4.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)
EPSS Score: 0.0002 (3.8th percentile)
Risk Priority: 8 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-22247 is a medium-severity server-side request forgery (SSRF, CWE-918) vulnerability in the Webhook feature of GLPI (glpi-project). Its CVSS 3.1 base score is 4.1 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 3.8th percentile by exploit likelihood, well below the median, and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type cited in the NVD entry (CWE-918, Server-Side Request Forgery).

Penetration testing that issues server-side requests to internal resources, identifying SSRF weaknesses for remediation (addresses CWE-918).

Monitoring and limiting outbound connections from the application host at the network boundary, reducing SSRF impact; a web tier that only needs to reach approved webhook endpoints on ports 80/443 should be denied everything else, including cloud metadata addresses (addresses CWE-918).

Validating server-side URLs and resource references to block SSRF attempts; the check must be applied to the resolved address, not only the URL string, and repeated on every redirect, otherwise DNS rebinding or an attacker-controlled redirect bypasses it (addresses CWE-918).

Detecting server-side request forgery through monitoring of unexpected outbound connections from the application host (addresses CWE-918).
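A destination check that a webhook sender can apply before issuing the request, shown as an added example for this page: it is not GLPI project code and does not describe how 11.0.5 fixes the issue. The policy (public HTTP(S) targets on ports 80 and 443 only), the blocked range list, and the DNS table FAKE_DNS with its fake_resolver that lets the example run offline are assumptions made here.

```python
# Added example, not GLPI code. Policy and blocked ranges are assumptions.
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy: no file:, gopher:, ftp:, ...
ALLOWED_PORTS = {80, 443}            # assumed policy: no admin or metadata ports

# Address space a server-side fetcher must never reach on a user's behalf:
# loopback, RFC 1918, CGNAT, link-local (cloud metadata), multicast, IPv6 ULA.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 literal such as [::ffff:10.0.0.1] is judged as 10.0.0.1.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve_all(host: str) -> List[str]:
    """Every A/AAAA answer for host; a literal address resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_webhook_target(
    url: str, resolver: Callable[[str], List[str]] = resolve_all
) -> Tuple[bool, str, List[str]]:
    """Return (allowed, reason, pinned_ips).

    The caller must connect to one of pinned_ips (sending the original Host
    header) instead of resolving again, and must rerun this check on every
    redirect hop; otherwise DNS rebinding or an attacker-controlled redirect
    turns an approved public name into an internal destination.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "malformed port", []
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", []
    try:
        ips = resolver(host)
    except (socket.gaierror, ValueError) as exc:
        return False, f"resolution failed: {exc}", []
    if not ips:
        return False, "name has no addresses", []
    # Every answer must be public: a hostile zone can mix one public and one
    # internal record and let the client's connect() pick the internal one.
    for ip in ips:
        if is_blocked_address(ip):
            return False, f"{host} resolves to blocked address {ip}", []
    return True, "ok", ips


# Constructed DNS answers so the example runs offline (not real hosts).
FAKE_DNS = {
    "hooks.example.com": ["203.0.113.10"],
    "split.example.net": ["203.0.113.20", "10.0.0.5"],
}


def fake_resolver(host: str) -> List[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # literals resolve to themselves
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise socket.gaierror(f"NXDOMAIN {host}")
    return list(FAKE_DNS[host])


if __name__ == "__main__":
    for candidate in ("https://hooks.example.com/notify", "https://split.example.net/",
                      "http://[::ffff:10.0.0.1]/", "http://169.254.169.254/latest/"):
        print(candidate, "->", check_webhook_target(candidate, fake_resolver))
```

The resolver is injected so the same function can be exercised offline; in production the default resolve_all is used and the pinned addresses returned by the check are the ones the HTTP client must actually connect to.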

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The flaw is an SSRF in a network-reachable web application feature (GLPI webhooks), which is why it is mapped to T1190. The CVSS vector requires high privileges (PR:H), so the trigger is an already-authenticated GLPI administrator: in practice this is post-authentication abuse of a public-facing or network-accessible service to reach internal resources, not unauthenticated initial access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

Deeper analysis (AI-generated)

CVE-2026-22247 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, in the Webhook feature of GLPI, a free asset and IT management software package. It affects GLPI versions from 11.0.0 up to but not including 11.0.5 and was published on 2026-02-04.

A GLPI administrator can abuse the webhook destination to make the GLPI server issue requests on their behalf. The CVSS v3.1 base score is 4.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N): exploitation is possible over the network with low complexity and no user interaction, but requires high privileges (an administrator account). Scope is changed because the forged request is issued by the GLPI server against other systems, so the impacted component is not the vulnerable one; the rated impact is low on confidentiality with no impact on integrity or availability.

The vulnerability is fixed in GLPI version 11.0.5. Additional details are available in the release notes at https://github.com/glpi-project/glpi/releases/tag/11.0.5 and in the security advisory at https://github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x.
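Detection logic for the "unexpected outbound connections" control listed under Likely Mitigating Controls, run over constructed egress log lines, as an added example for this page (not GLPI or vendor code). The log format, the host name glpi-app01, the approved endpoint 203.0.113.10, the port baseline and every sample line are assumptions made for the example; adapt LINE_RE to whatever the egress firewall or proxy in front of the web tier actually emits.

```python
# Added example, not GLPI code. Log format, hosts and baseline are assumptions.
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample: one line per outbound TCP connection from the app host.
SAMPLE_LOG = """\
2026-02-05T10:14:03Z host=glpi-app01 proc=php-fpm dst=203.0.113.10 dport=443
2026-02-05T10:14:09Z host=glpi-app01 proc=php-fpm dst=10.0.4.21 dport=8500
2026-02-05T10:14:11Z host=glpi-app01 proc=php-fpm dst=169.254.169.254 dport=80
2026-02-05T10:14:15Z host=glpi-app01 proc=php-fpm dst=127.0.0.1 dport=9000
2026-02-05T10:15:02Z host=glpi-app01 proc=php-fpm dst=203.0.113.10 dport=22
2026-02-05T10:15:40Z host=glpi-app01 proc=php-fpm dst=10.0.4.21 dport=8500
2026-02-05T10:16:00Z host=db01 proc=mysqld dst=10.0.4.9 dport=3306
"""

# Assumed baseline: the webhook sender only ever reaches these endpoints on 80/443.
APPROVED_WEBHOOK_ENDPOINTS = {"203.0.113.10"}
WEBHOOK_PORTS = {80, 443}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass
class Finding:
    ts: str
    host: str
    proc: str
    dst: str
    dport: int
    reason: str


def classify(dst: str, dport: int, approved: Iterable[str]) -> Optional[str]:
    """Why a connection is suspicious for a webhook sender, or None if it fits the baseline."""
    addr = ipaddress.ip_address(dst)
    if addr.is_loopback:
        return "loopback: local service reached from the web tier"
    if addr.is_link_local:
        return "link-local: cloud metadata endpoint"
    if dst not in set(approved):
        return "destination not an approved webhook endpoint"
    if dport not in WEBHOOK_PORTS:
        return f"unexpected port {dport}"
    return None


def detect_ssrf(log_text: str, app_hosts: Iterable[str] = ("glpi-app01",)) -> List[Finding]:
    """Findings for connections from the web tier that break the baseline, in log order."""
    hosts = set(app_hosts)
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["host"] not in hosts:
            continue  # unparseable, or not the web tier (db01 is out of scope)
        dport = int(m["dport"])
        reason = classify(m["dst"], dport, APPROVED_WEBHOOK_ENDPOINTS)
        if reason is not None:
            findings.append(Finding(m["ts"], m["host"], m["proc"], m["dst"], dport, reason))
    return findings


def hits_per_destination(findings: List[Finding]) -> Dict[str, int]:
    """Repeated hits on one internal address and port suggest deliberate probing."""
    return dict(Counter(f"{f.dst}:{f.dport}" for f in findings))


if __name__ == "__main__":
    results = detect_ssrf(SAMPLE_LOG)
    for f in results:
        print(f"{f.ts} {f.host}/{f.proc} -> {f.dst}:{f.dport}  {f.reason}")
    print(hits_per_destination(results))
```

The loopback and link-local labels are the ones worth paging on: a webhook worker has no reason to talk to the host's own services or to the cloud metadata address, and an administrator pointing a webhook there is the behaviour this CVE enables.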

Details

CWE(s)

CWE-918 (Server-Side Request Forgery)

Affected Products

glpi-project glpi, versions 11.0.0 up to but not including 11.0.5

CVEs Like This One

CVE-2026-26263 (same product: GLPI, glpi-project)
CVE-2025-23046 (same product: GLPI, glpi-project)
CVE-2025-66417 (same product: GLPI, glpi-project)
CVE-2025-21619 (same product: GLPI, glpi-project)
CVE-2026-26027 (same product: GLPI, glpi-project)
CVE-2025-24799 (same product: GLPI, glpi-project)
CVE-2026-26026 (same product: GLPI, glpi-project)
CVE-2026-29047 (same product: GLPI, glpi-project)
CVE-2025-24801 (same product: GLPI, glpi-project)
CVE-2026-22044 (same product: GLPI, glpi-project)

References

https://github.com/glpi-project/glpi/releases/tag/11.0.5 (GLPI 11.0.5 release notes)
https://github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x (GitHub security advisory)