CVE-2026-55474
Undergoing Analysis Undergoing Analysis - In Progress

Path Traversal in Snipe-IT Asset Management System

Vulnerability report for CVE-2026-55474, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
snipeitapp snipe-it to 8.5.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-55474 is a path traversal vulnerability in the Snipe-IT IT asset/license management system prior to version 8.5.0. The vulnerability exists in the ActionlogController::displaySig function, where the filename parameter from the HTTP route is concatenated directly into a private upload directory path without proper sanitization. This allows an authenticated attacker to manipulate the filename parameter to traverse outside the intended directory and read arbitrary files accessible to the web server process.

The issue is classified under CWE-23 (Relative Path Traversal) and was fixed by enforcing the use of basename() on filenames to ensure only the base name is used, preventing directory traversal attacks.

Impact Analysis

This vulnerability can allow an authenticated attacker to read arbitrary files on the server that are accessible to the web server process but outside the intended upload directory. This could lead to exposure of sensitive information, configuration files, or other data that should not be publicly accessible.

Such unauthorized file access can compromise the confidentiality of data, potentially leading to further exploitation or information disclosure within the affected environment.

Compliance Impact

The vulnerability allows an authenticated attacker to perform path traversal and read arbitrary files accessible to the web server process. This could potentially expose sensitive data stored on the server.

Exposure of sensitive files due to this vulnerability may lead to non-compliance with data protection regulations such as GDPR or HIPAA, which require strict controls on access to personal and sensitive information.

However, the provided information does not explicitly discuss the impact of this vulnerability on compliance with specific standards or regulations.

Detection Guidance

This vulnerability involves path traversal via the filename parameter in the ActionlogController::displaySig function of Snipe-IT versions prior to 8.5.0. Detection involves identifying attempts to exploit this by sending specially crafted requests with path traversal sequences in the filename parameter.

You can monitor web server logs or application logs for HTTP requests targeting the displaySig action with suspicious filename parameters containing sequences like '../' or other path traversal patterns.

Example commands to detect such attempts include using grep on access logs to find suspicious requests:

  • grep -i 'displaySig' /var/log/apache2/access.log | grep '\.\./'
  • grep -E 'displaySig.*filename=.*\.\./' /var/log/nginx/access.log

Additionally, you can use network monitoring tools or intrusion detection systems (IDS) with rules to detect path traversal patterns in HTTP requests targeting the Snipe-IT application.

Mitigation Strategies

The primary mitigation is to upgrade Snipe-IT to version 8.5.0 or later, where this vulnerability has been fixed by enforcing basename usage on filenames and adding validation to prevent path traversal.

If immediate upgrade is not possible, consider applying patches that sanitize the filename parameter by using basename() and validating inputs to reject filenames containing path traversal sequences.

Additionally, restrict access to the vulnerable endpoint to only trusted authenticated users and monitor logs for suspicious activity.

Implement web application firewall (WAF) rules to block requests containing path traversal patterns targeting the displaySig action.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55474. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart