Path Traversal Vulnerability in Snipe-IT IT Asset Management System
CVE-2026-55469
6.5MEDIUM
What is CVE-2026-55469?
In the Snipe-IT IT asset and license management system, prior to version 8.6.2, an authenticated user with import and assets.update permissions can exploit a path traversal vulnerability. By placing a malicious path traversal string in an asset image field during a CSV import, the user can trigger the deletion of arbitrary files accessible to the server process. This vulnerability poses significant risks as it allows for unauthorized access to files and data on the server, potentially leading to further exploitation.
Affected Version(s)
snipe-it < 8.6.2
