CVE-2026-22247 is a Server-Side Request Forgery (SSRF) vulnerability identified in the GLPI asset and IT management software, specifically affecting versions from 11.0.0 up to but not including 11.0.5. The vulnerability arises from the Webhook feature, which allows an authenticated GLPI administrator to trigger SSRF requests. SSRF vulnerabilities occur when an attacker can abuse a server to send crafted requests to unintended destinations, often internal network resources that are otherwise inaccessible externally. In this case, the attacker must have administrator-level privileges within GLPI, which limits the attack surface but still poses a significant risk if credentials are compromised or insiders are malicious. The SSRF can be used to probe internal services, potentially leading to information disclosure or further exploitation of internal systems. The vulnerability does not directly impact data integrity or availability but can facilitate reconnaissance and lateral movement within a network. The issue was publicly disclosed and patched in GLPI version 11.0.5. The CVSS v3.1 base score is 4.1, reflecting medium severity due to the requirement for high privileges and the limited impact scope. No known exploits are currently reported in the wild. The vulnerability is classified under CWE-918, which covers SSRF issues.

For European organizations, the SSRF vulnerability in GLPI can lead to unauthorized internal network scanning and information disclosure, potentially exposing sensitive infrastructure details. This is particularly concerning for organizations managing critical assets and IT infrastructure with GLPI, as attackers could leverage SSRF to identify vulnerable internal services or pivot to more severe attacks. Although exploitation requires administrator privileges, the risk is elevated if credential theft or insider threats occur. The vulnerability does not directly cause data loss or service disruption but can be a stepping stone for more damaging attacks. Organizations in sectors such as government, finance, healthcare, and critical infrastructure that rely on GLPI for asset management may face increased risk. Additionally, the medium CVSS score indicates moderate urgency for patching, but the potential for internal network reconnaissance should not be underestimated.

European organizations using GLPI versions 11.0.0 through 11.0.4 should immediately upgrade to version 11.0.5 or later, where the SSRF vulnerability is patched. Restrict administrative access to GLPI to trusted personnel and enforce strong authentication mechanisms, including multi-factor authentication, to reduce the risk of credential compromise. Monitor and audit Webhook configurations and usage to detect unusual or unauthorized request patterns. Network segmentation should be employed to limit GLPI server access to sensitive internal resources, minimizing the impact of potential SSRF exploitation. Additionally, implement strict egress filtering on the GLPI server to prevent unauthorized outbound requests to internal or external systems. Regularly review and update GLPI and related infrastructure to ensure timely application of security patches.