Open Redirect Vulnerability in Snipe-IT IT Asset Management System
CVE-2026-44833

5.9MEDIUM

Key Information:

Vendor: Grokability
Status: Snipe-it
Vendor: CVE Published:; 26 May 2026

🔔 Create Grokability Vulnerability Alert

What is CVE-2026-44833?

Snipe-IT, a widely used IT asset and license management solution, has an open redirect vulnerability that allows cyber attackers to manipulate the HTTP Referer header stored in session variables. This flaw can lead users to harmful websites, compromising sensitive data and potentially exposing systems to further attacks. The vulnerability has been addressed in version 8.4.1, emphasizing the importance of updating to secure versions to mitigate risks.

Affected Version(s)

snipe-it < 8.4.1

References

https://github.com/grokability/snipe-it/security/advisori...

x_refsource_CONFIRM

https://github.com/grokability/snipe-it/commit/e376492128...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44833 Data

JSON