XSS in Grokability Snipe-it

CVE-2026-55466

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSa…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References