Medium severity4.8GHSA Advisory· Published May 26, 2026· Updated May 26, 2026
CVE-2026-44831
CVE-2026-44831
Description
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
snipe/snipe-itPackagist | < 8.4.1 | 8.4.1 |
Affected products
3- Range: < 8.4.1
Patches
Vulnerability mechanics
References
4- github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438nvdPatchWEB
- github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjxnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-r42m-953q-6vjxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44831ghsaADVISORY
News mentions
0No linked articles in our index yet.