Directory Traversal Vulnerability in Snipe-IT IT Asset Management System
CVE-2026-55474
7.1HIGH
What is CVE-2026-55474?
Snipe-IT, an IT asset and license management system, contains a vulnerability due to improper sanitization of the route filename parameter in the ActionlogController::displaySig function. This flaw allows authenticated attackers to traverse outside the designated upload directory, potentially accessing sensitive files on the web server. This issue has been addressed in version 8.5.0, highlighting the importance of keeping software updated to mitigate such vulnerabilities.
Affected Version(s)
snipe-it < 8.5.0
