URL Redirection Flaw in Snipe-IT IT Asset Management System
CVE-2026-55461
6.1MEDIUM
What is CVE-2026-55461?
Snipe-IT, an IT asset and license management system, contains a vulnerability that allows an attacker to manipulate the intended URL session value through a user-edit flow. Prior to version 8.6.2, this flow incorrectly stores the Referer header from the attacker into a Laravel session variable, enabling the potential for malicious redirection after a legitimate user submits a change. This can lead to unauthorized access or the exploitation of trust in redirection mechanisms by legitimate users.
Affected Version(s)
snipe-it < 8.6.2
