Path Traversal Vulnerability in Snipe-IT IT Asset Management System
CVE-2026-55469

6.5MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55469?

In the Snipe-IT IT asset and license management system, prior to version 8.6.2, an authenticated user with import and assets.update permissions can exploit a path traversal vulnerability. By placing a malicious path traversal string in an asset image field during a CSV import, the user can trigger the deletion of arbitrary files accessible to the server process. This vulnerability poses significant risks as it allows for unauthorized access to files and data on the server, potentially leading to further exploitation.

Affected Version(s)

snipe-it < 8.6.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.