๐Ÿ” CVE Alert

CVE-2026-55464

UNKNOWN 0.0

Snipe-IT: Stored XSS via Markdown custom field

CVSS Score
0.0
EPSS Score
0.2%
EPSS Percentile
7th

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.

CWE CWE-79
Vendor grokability
Product snipe-it
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for grokability snipe-it

Be the first to know when new unknown vulnerabilities affecting grokability snipe-it are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

grokability / snipe-it
< 8.6.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr github.com: https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d github.com: https://github.com/grokability/snipe-it/releases/tag/v8.6.2