Vendor
Grokability
Products
1
CVEs
5
Across products
5
Status
Private
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-37709 | Cri | 0.57 | 9.8 | 0.00 | May 7, 2026 | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component | |
| CVE-2026-44832 | hig | 0.38 | — | — | May 8, 2026 | ### Impact An authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users. ### Patches Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, fix was released in v8.4.1 ### Workarounds None. | |
| CVE-2019-25264 | Med | 0.35 | 6.4 | 0.00 | Feb 3, 2026 | Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users. | |
| CVE-2026-44833 | med | 0.26 | — | — | May 8, 2026 | Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. ### Impact - **Phishing**: Redirect users to fake login pages to steal credentials - **Session Hijacking**: Redirect to attacker site that captures session cookies via JavaScript - **Malware Distribution**: Redirect to sites hosting malware or drive-by downloads - **Reputation Damage**: Users lose trust when redirected to malicious sites from legitimate application - **Social Engineering**: Use trusted Snipe-IT domain to increase phishing success rate When the user clicks "Save", the application: 1. Processes the form 2. Checks `redirect_option` (if set to 'back') 3. Calls `Helper::getRedirectOption()` 4. Retrieves `back_url` from session: `https://evil.com/phishing?target=snipeit` 5. Executes `redirect()->to($backUrl)` 6. User is redirected to attacker's site This would still require session poisoning, so the actual practical threat here is minimal. ### Patches Patched in https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373, released in 8.4.1. ### Workarounds None. ### Resources - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') - OWASP: Unvalidated Redirects and Forwards - Laravel Security: Safe Redirects [snipeit_open_redirect_submission.md](https://github.com/user-attachments/files/27414869/snipeit_open_redirect_submission.md) | |
| CVE-2026-44831 | med | 0.19 | — | — | May 8, 2026 | ### Impact Users with component view access could be impacted by an unescaped `notes` column. ### Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. ### Workarounds None. |