PT-2026-57283 · Grokability · Snipe-It

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-55452

CVSS v4.0

4.8

Medium

VectorAV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. This issue is fixed in version 8.5.0.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55452

Affected Products

Snipe-It