CVE-2026-23489

critical

Description

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.

References

https://github.com/pluginsGLPI/fields/security/advisories/GHSA-rj7q-mmx9-fhq7

https://github.com/pluginsGLPI/fields/releases/tag/1.23.3

Details

Source: Mitre, NVD

Published: 2026-03-16

Updated: 2026-03-18

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00058

Detections

Analytics