CVE-2021-39213
6.8 MEDIUM
GLPI is a free Asset and IT management software package
Published: 2021-09-15 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.8 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
- CWE: CWE-74
Affected products
| Vendor | Product |
|---|---|
| glpi-project | glpi |
Description
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-39213
- Other: https://github.com/glpi-project/glpi/releases/tag/9.5.6
- Other: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
Related CVEs
Same vendor
- CVE-2026-32312 — GLPI is a free asset and IT management software package (4.3 MEDIUM)
- CVE-2021-39211 — GLPI is a free Asset and IT management software package (5.3 MEDIUM)
- CVE-2021-39210 — GLPI is a free Asset and IT management software package (6.5 MEDIUM)
- CVE-2021-39209 — GLPI is a free Asset and IT management software package (8.8 HIGH)
- CVE-2021-3486 — GLPi 9.5.4 does not sanitize the metadata (6.1 MEDIUM)
Same CWE
- CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
- CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
- CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12197 — A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
- CVE-2026-12188 — A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)