PT-2026-57287 · Grokability · Snipe-It

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-55469

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55469

Affected Products

Snipe-It