CVE-2026-44833

Published: Mag 26, 2026 Last Modified: Mag 26, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,9

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Other

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Other

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Low

View CWE Details

Application

Snipe-It by Snipeitapp

Product Information

Vendor Snipeitapp

Product Snipe-It

Version Range Affected

To 8.4.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/grokability/snipe-it/commit/e37649212861…

https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540…

https://github.com/grokability/snipe-it/security/advisories…

https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg