CVE-2026-44833

Published May 26th, 2026

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.

grokability/snipe-it

A free open source IT asset/license management system

GitHub

13.9K