CVE-2026-44833

Severity: HIGH | WAF: Medium
CVSS: 7.1 | Published: 2026-05-26
CWE-601

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via an unvalidated HTTP Referer header stored in a session variable. This vulnerability is fixed in 8.4.1.

WAF Coverage Analysis

Open Redirect: Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor | Product | Version
snipeitapp | snipe-it | up to 8.4.1
