CVE-2026-55474 in snipe-itinformação

Sumário

de MITRE • 10/07/2026

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsável

GitHub M

Reservar

17/06/2026

Divulgação

10/07/2026

Moderação

aceite

Entrada

VDB-377591

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

muito baixo

Fontes

Might our Artificial Intelligence support you?

Check our Alexa App!