Cross-Site Scripting in Snipe-IT IT Asset Management System
CVE-2026-44831

4.8 MEDIUM

Key Information:

Status
Vendor
CVE Published: 26 May 2026

What is CVE-2026-44831?

Snipe-IT, an IT asset and license management system, has a cross-site scripting (XSS) vulnerability that exposes users with component view access. The notes column is rendered unescaped, which could lead to the execution of malicious scripts in the user's browser. The issue has been addressed in version 8.4.1, and users are encouraged to upgrade to this version to mitigate potential security risks.

Affected Version(s)

snipe-it < 8.4.1

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
