Security Research

Vulnerabilities we have found and responsibly disclosed in widely used software. Original research, coordinated disclosure, and the CVEs that come out of it.

CVE-2026-
42318 High · 7.0

GLPI · Authorization Bypass

CVE-2026-42318 — GLPI Arbitrary Item Deletion via Planning

An authorization bypass (CWE-862) in GLPI's planning module lets a technician-level user delete any object in the instance. Found by Voke Cyber and fixed in GLPI 10.0.25 and 11.0.7.

Read the Advisory How we found it

More advisories are on the way as findings clear coordinated disclosure. · Vulnerability Disclosure Policy

The same testing, on your software

The manual, by-hand testing that finds bugs like this is exactly what we do for clients across the Charlotte, NC area and nationwide.

Get a Quote