CVE-2026-23489 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: March 16, 2026
Published: March 16, 2026Updated: March 16, 2026Remote Exploitable
Overview
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
Severity & Score
Severity: Critical
CVSS Score: 9.1
References
Related Resources
Details
- CVE ID
- CVE-2026-23489
- Severity
- Critical
- CVSS Score
- 9.1
- Status
- new
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H