PT-2026-39301 · Grokability · Snipe-It

Ce2Sec · Published 2026-05-08 · Updated 2026-05-26 · CVE-2026-44833

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 8.4.1

Description: An open redirect in Snipe-IT allows an attacker to send users to a website of the attacker's choosing. The application stores the HTTP Referer header in a session variable without validating it. When a user clicks "Save", the form handler checks the configured redirect option; if it is set to 'back', it calls Helper::getRedirectOption() to read that stored URL back from the session and executes redirect()->to($backUrl). Because the Referer is client-controlled, an attacker who gets a victim to open the form from a page the attacker controls decides where the victim lands after saving. This can be leveraged for phishing, session hijacking, malware distribution, and social engineering.

Recommendations: Update to version 8.4.1 or later.
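The pattern described above, shown as an added illustration rather than Snipe-IT's own code: a "remember the Referer, redirect back to it" helper that trusts the stored value verbatim, beside a hardened variant that only follows same-origin targets. The `$session` array, `$appUrl` and the function names `vulnerableBackUrl` / `safeBackUrl` are stand-ins for Laravel's session and config machinery and are hypothetical; the sample Referer values are constructed, not captured traffic. Requires PHP 8.

```php
<?php
// Added illustration (not Snipe-IT's or Laravel's code) of the open-redirect
// pattern in the advisory and one way to close it.
declare(strict_types=1);

// --- Vulnerable pattern: whatever the client sent as Referer, and was then
// saved in the session, comes back as the redirect target unchanged.
function vulnerableBackUrl(array $session): string
{
    return $session['back_url'] ?? '/';
}

// --- Hardened pattern: accept the stored URL only when it is a site-relative
// path, or an absolute URL whose scheme, host and port match the application's
// own origin ($appUrl, a stand-in for config('app.url')). Anything else falls
// back to a fixed safe location.
function safeBackUrl(?string $candidate, string $appUrl, string $fallback = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Reject control characters, whitespace and backslashes before parsing:
    // browsers normalise "\" to "/" and such inputs confuse URL parsers.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    // Site-relative path ("/hardware/42") must start with exactly one "/".
    // "//evil.example/" is protocol-relative and would leave the site.
    if ($candidate[0] === '/') {
        return str_starts_with($candidate, '//') ? $fallback : $candidate;
    }
    $parts = parse_url($candidate);
    $app   = parse_url($appUrl);
    if ($parts === false || $app === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;            // covers "javascript:..." (no host) and garbage
    }
    // Userinfo ("https://assets.example.com@evil.example/") is never legitimate here.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    // Exact origin match; an explicit port that differs from the configured one
    // (or is present when none is configured) is rejected, which is the safe side.
    $sameOrigin =
        strtolower($parts['scheme']) === strtolower($app['scheme'] ?? '') &&
        strtolower($parts['host'])   === strtolower($app['host'] ?? '') &&
        ($parts['port'] ?? null)     === ($app['port'] ?? null);

    return $sameOrigin ? $candidate : $fallback;
}

// Constructed sample Referer values (not real traffic) and the expected result.
$appUrl = 'https://assets.example.com';
$cases = [
    'https://assets.example.com/hardware/42'    => 'https://assets.example.com/hardware/42',
    '/hardware/42'                               => '/hardware/42',
    'https://evil.example/phish'                 => '/',
    '//evil.example/phish'                       => '/',
    'https://assets.example.com@evil.example/'   => '/',
    'https://assets.example.com.evil.example/'   => '/',
    'javascript:alert(1)'                        => '/',
    'https://assets.example.com:8443/'           => '/',
];
foreach ($cases as $in => $want) {
    $got = safeBackUrl($in, $appUrl);
    printf("%-45s -> %-40s %s\n", $in, $got, $got === $want ? 'ok' : 'MISMATCH');
}

// The vulnerable helper follows an attacker-supplied Referer verbatim.
echo vulnerableBackUrl(['back_url' => 'https://evil.example/phish']), "\n";
```

The origin check is deliberately strict: it compares scheme, host and port literally and rejects userinfo, protocol-relative URLs and non-HTTP schemes, because lookalike hosts (`assets.example.com.evil.example`) and `user@host` forms are the usual bypasses for naive "starts with our domain" checks. Where a redirect target is only ever one of a few known pages, redirecting to an allowlisted route name instead of any client-supplied URL removes the problem entirely.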

Fix: available (8.4.1)

Weakness Enumeration: Open Redirect

Related Identifiers

CVE-2026-44833
GHSA-MGHP-5CQ4-V6MG

Affected Products

Snipe-It
Snipe/Snipe-It