Description
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via an unvalidated HTTP Referer header stored in a session variable. This vulnerability is fixed in 8.4.1.
Published: 2026-05-26
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows attackers to forge or manipulate HTTP Referer headers that are saved into a session variable and later used for redirection. Because the input is not validated, an attacker can cause a legitimate user of the Snipe‑IT application to be redirected to a malicious website. This creates opportunities for phishing, social engineering, or malware delivery. The weakness is classified as CWE‑601.

Affected Systems

Affected instances are deployments of the Snipe‑IT asset management system, developed by Grokability, that are running any version before 8.4.1. The issue is present in all releases up to that point, as the fix was introduced in 8.4.1. Users of earlier releases remain vulnerable until they apply the update.

Risk and Exploitability

The CVSS score of 5.9 denotes moderate severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to influence the Referer header that the application later trusts, for example by delivering a crafted link or by getting a user to visit a malicious site first. Because the attack is delivered through the victim's browser and does not require local privileges, a broad range of users could be affected if the application is exposed to the internet, making this a notable risk for exposed deployments.

Generated by OpenCVE AI on May 26, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading to Snipe‑IT version 8.4.1 or later.
  • Inspect application configurations to confirm that any logic which stores the Referer header into session variables is disabled or removed, and ensure that redirects are only performed with trusted, static URLs.
  • As a temporary measure, restrict the handling of the Referer header or implement input validation to reject or sanitize values that could trigger unintended redirects.
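
As an added example (not Snipe-IT's own code, which is PHP/Laravel), the following Python function shows the check the last two recommendations call for: a redirect target taken from a stored Referer is accepted only if it resolves to the application's own host, and anything else collapses to a static fallback. APP_HOST and DEFAULT_LANDING are constructed placeholder values.

```python
from urllib.parse import urlsplit

# Constructed values for this example: the deployment's own host, taken from
# configuration (never from the request), and a static fallback landing page.
APP_HOST = "assets.example.internal"
DEFAULT_LANDING = "/"


def safe_return_url(referer, app_host=APP_HOST, default=DEFAULT_LANDING):
    """Turn a Referer value stored in the session into a redirect target that
    stays on this application's origin (CWE-601 mitigation).

    Anything that would leave the origin, or that cannot be parsed safely,
    is replaced by the static default instead of being passed to the redirect.
    """
    if not referer:
        return default
    # Control characters (CR/LF, tabs) never belong in a redirect target;
    # reject before parsing, because urlsplit silently strips some of them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in referer):
        return default
    # Browsers treat a backslash like a forward slash, so "/\evil" would be
    # read as the protocol-relative "//evil"; normalise before inspecting.
    candidate = referer.replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only http(s) to our own host.
        # .hostname excludes userinfo (so "https://ourhost@evil" is caught)
        # and is lower-cased. The port is deliberately not compared here.
        if parts.scheme not in ("http", "https"):
            return default
        if parts.hostname != app_host.lower():
            return default
        path = parts.path or "/"
    else:
        # Relative URL: require exactly one leading slash.
        path = parts.path
        if not path.startswith("/") or path.startswith("//"):
            return default

    # Rebuild from the validated pieces; the fragment is dropped.
    return path + ("?" + parts.query if parts.query else "")
```

Rebuilding the target from the parsed path and query, rather than echoing the stored string, is what keeps browser-specific parsing quirks from reintroducing an off-origin redirect.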

Advisories
Source: GitHub GHSA
ID: GHSA-mghp-5cq4-v6mg
Title: Snipe-IT has an open redirect vulnerability

History

Tue, 26 May 2026 20:45:00 +0000

Type: First Time appeared
Values added: Grokability, Grokability snipe-it, Snipeitapp, Snipeitapp snipe-it

Type: CPEs
Values added: cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values added: Grokability, Grokability snipe-it, Snipeitapp, Snipeitapp snipe-it

Tue, 26 May 2026 19:45:00 +0000

Type: Description
Values added: Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.

Type: Title
Values added: Snipe-IT: Open redirect vulnerability

Type: Weaknesses
Values added: CWE-601

Type: References

Type: Metrics
Values added: cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-26T19:30:48.852Z

Reserved: 2026-05-07T21:21:48.352Z

Link: CVE-2026-44833

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-26T20:16:20.317

Modified: 2026-05-26T20:38:06.913

Link: CVE-2026-44833

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T20:30:15Z

Weaknesses