CVE-2026-44833

EUVD-2026-31965
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
snipeitappsnipe-it
𝑥
< 8.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg