CVE-2026-46683

UNKNOWN 0.0

Snappy: SSRF and local file read via the xsl-style-sheet option

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.

CWE	CWE-918
Vendor	knplabs
Product	snappy
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for knplabs snappy

Be the first to know when new unknown vulnerabilities affecting knplabs snappy are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

KnpLabs / snappy

< 1.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/KnpLabs/snappy/security/advisories/GHSA-c5fp-p67m-gq56 github.com: https://github.com/KnpLabs/snappy/releases/tag/v1.7.0