CVE-2026-44831

Description

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

grokability / snipe-it< 8.4.1 – < 8.4.1

References

VENDOR_ADVISORYhttps://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
PATCHhttps://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438