CVE-2026-22044: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi
GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.
AI Analysis
Technical Summary
CVE-2026-22044 is an SQL injection vulnerability classified under CWE-89 in GLPI, a widely used free and open-source IT asset and service management software package. The flaw affects versions from 0.85 up to, but not including, 10.0.23: special characters in user-supplied input are not properly neutralized before being used in SQL queries, so an authenticated user can inject SQL. This allows an attacker with valid credentials to extract sensitive information from the database, compromising confidentiality without affecting data integrity or availability. The CVSS v3.1 base score is 6.5 (medium): network attack vector, low attack complexity, privileges required (an authenticated user), and no user interaction beyond authentication. The vulnerability was publicly disclosed on February 4, 2026, and patched in GLPI version 10.0.23. Although no active exploitation has been reported, the potential for data leakage in environments managing critical IT assets and services is significant. The issue highlights the importance of proper input validation and parameterized queries in preventing SQL injection.
Potential Impact
For European organizations, the impact of this vulnerability can be substantial, especially for those relying on GLPI for IT asset management, service desk operations, and configuration management databases. Exploitation could lead to unauthorized disclosure of sensitive information such as user credentials, configuration details, and asset inventories, which could facilitate further attacks or compliance violations under GDPR. Since the vulnerability requires authentication, insider threats or compromised accounts pose a significant risk. The confidentiality breach could undermine trust, disrupt IT operations, and result in regulatory penalties. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, face heightened risks. The absence of integrity and availability impact limits the scope to data exposure rather than system disruption or data manipulation.
Mitigation Recommendations
European organizations should immediately upgrade GLPI installations to version 10.0.23 or later, where the vulnerability is patched. Until the upgrade can be performed, restrict GLPI access to trusted users and networks, enforce strong authentication mechanisms including multi-factor authentication, and monitor logs for unusual database query patterns indicative of SQL injection attempts. Implement web application firewalls (WAFs) with rules targeting SQL injection signatures specific to GLPI. Conduct regular security audits and code reviews for custom plugins or integrations that might reintroduce similar vulnerabilities. Educate administrators and users about the risks of credential compromise and enforce least privilege principles to minimize the impact of potential exploitation. Finally, ensure backups are current and tested to enable recovery if needed.
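A quick inventory check for the affected range stated in this advisory, written as an added example (not GLPI project code): it extracts the GLPI_VERSION constant from an installation's inc/define.php (the location of that define is an assumption) and reports whether the version falls inside [0.85, 10.0.23). The define.php snippet below is constructed; pre-release builds such as 10.0.23-rc1 are deliberately treated as older than the final 10.0.23 and therefore as affected.

```python
import re

# Affected range stated in the advisory: from 0.85 up to (not including) 10.0.23.
AFFECTED_FROM = "0.85"
FIXED_IN = "10.0.23"

# Constructed sample of what inc/define.php (assumed location) might contain.
SAMPLE_DEFINE_PHP = """<?php
define('GLPI_VERSION', '10.0.22');
define('GLPI_SCHEMA_VERSION', '10.0.22');
"""


def parse_version(text):
    """Split '10.0.23-rc1' into ((10, 0, 23), True); the bool marks a pre-release suffix."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)(.*)$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    prerelease = m.group(2).strip() != ""
    return nums, prerelease


def cmp_versions(a, b):
    """Return -1, 0 or 1. Shorter tuples are zero-padded so 10.0 == 10.0.0."""
    (an, ap), (bn, bp) = a, b
    n = max(len(an), len(bn))
    an += (0,) * (n - len(an))
    bn += (0,) * (n - len(bn))
    if an != bn:
        return (an > bn) - (an < bn)
    # Same numeric release: a pre-release sorts before the final release.
    return int(bp) - int(ap)


def is_affected(version):
    """True when version lies in [AFFECTED_FROM, FIXED_IN)."""
    v = parse_version(version)
    return (cmp_versions(v, parse_version(AFFECTED_FROM)) >= 0
            and cmp_versions(v, parse_version(FIXED_IN)) < 0)


def version_from_define_php(source):
    """Pull the GLPI_VERSION string out of the contents of inc/define.php."""
    m = re.search(r"define\(\s*['\"]GLPI_VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]", source)
    if not m:
        raise ValueError("GLPI_VERSION not found in define.php contents")
    return m.group(1)


if __name__ == "__main__":
    found = version_from_define_php(SAMPLE_DEFINE_PHP)
    status = "AFFECTED, upgrade to 10.0.23+" if is_affected(found) else "not affected"
    print(f"GLPI {found}: {status}")
```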
Affected Countries
France, Germany, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-05T22:30:38.720Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69838221f9fa50a62f9dc5e6
Added to database: 2/4/2026, 5:30:09 PM
Last enriched: 2/4/2026, 5:44:49 PM
Last updated: 2/6/2026, 4:45:31 PM