CVE-2026-22247 is a Server-Side Request Forgery (SSRF) vulnerability identified in the GLPI asset and IT management software, specifically affecting versions from 11.0.0 up to but not including 11.0.5. The vulnerability arises from the Webhook feature, which allows an authenticated GLPI administrator to trigger HTTP requests from the server to arbitrary destinations. SSRF vulnerabilities enable attackers to abuse the server to send crafted requests, potentially accessing internal resources that are otherwise inaccessible externally. In this case, the attacker must have administrator privileges within GLPI, which limits the attack surface to trusted users or compromised admin accounts. The CVSS v3.1 base score is 4.1 (medium severity), reflecting network attack vector, low attack complexity, high privileges required, no user interaction, and limited confidentiality impact. The vulnerability does not directly affect data integrity or availability. No known exploits are reported in the wild as of the publication date. The issue was patched in GLPI version 11.0.5, and users are advised to upgrade promptly. The SSRF could be leveraged for internal network reconnaissance, accessing metadata services, or pivoting to other internal systems if combined with other vulnerabilities or misconfigurations.

For European organizations, the primary risk lies in the potential for an attacker with GLPI administrator access to perform unauthorized internal network requests. This could lead to exposure of sensitive internal services, such as internal APIs, databases, or cloud metadata endpoints, which are typically protected from external access. While the vulnerability does not directly compromise data integrity or availability, it could facilitate further attacks if combined with other vulnerabilities or misconfigurations. Organizations using GLPI in critical infrastructure, government, or large enterprises may face increased risk due to the sensitive nature of internal systems potentially exposed via SSRF. The requirement for administrator privileges reduces the likelihood of exploitation by external attackers but raises concerns about insider threats or compromised admin accounts. The medium severity rating suggests a moderate impact, but the potential for lateral movement or data exposure within internal networks warrants prompt remediation.

1. Upgrade GLPI installations to version 11.0.5 or later immediately to apply the official patch addressing the SSRF vulnerability. 2. Restrict GLPI administrator privileges to trusted personnel only and enforce strong authentication mechanisms, such as multi-factor authentication (MFA), to reduce the risk of credential compromise. 3. Implement network segmentation and firewall rules to limit the GLPI server's ability to make outbound requests to sensitive internal resources or cloud metadata services. 4. Monitor GLPI webhook usage and server logs for unusual or unexpected outbound requests that could indicate exploitation attempts. 5. Conduct regular audits of GLPI user accounts and permissions to detect and remove unnecessary administrator privileges. 6. Employ web application firewalls (WAF) with SSRF detection capabilities to provide an additional layer of defense. 7. Educate administrators on the risks of SSRF and the importance of secure configuration and patch management.