XSS in Grokability Snipe-it

CVE-2026-55481

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References