Cross-Site Scripting in Snipe-IT Asset Management Software
CVE-2026-55464

4.8MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55464?

Snipe-IT, an IT asset and license management system, has a Cross-Site Scripting vulnerability where improperly sanitized JavaScript URIs in Markdown hyperlinks can be exploited. Users with edit permissions can insert malicious links into custom markdown fields, which execute arbitrary JavaScript when viewed by others. This vulnerability has been addressed in version 8.6.2.

Affected Version(s)

snipe-it < 8.6.2

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.