Cross-Site Scripting in Snipe-IT Asset Management Software
CVE-2026-55464
4.8MEDIUM
What is CVE-2026-55464?
Snipe-IT, an IT asset and license management system, has a Cross-Site Scripting vulnerability where improperly sanitized JavaScript URIs in Markdown hyperlinks can be exploited. Users with edit permissions can insert malicious links into custom markdown fields, which execute arbitrary JavaScript when viewed by others. This vulnerability has been addressed in version 8.6.2.
Affected Version(s)
snipe-it < 8.6.2
