Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3jws-ajsq-v7eq
Vulnerability ID VCID-3jws-ajsq-v7eq
Aliases CVE-2026-44833
GHSA-mghp-5cq4-v6mg
Summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2026-44833
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2026-44833
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2026-44833
epss 0.00013 https://api.first.org/data/v1/epss?cve=CVE-2026-44833
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mghp-5cq4-v6mg
cvssv3.1 5.9 https://github.com/grokability/snipe-it
generic_textual MODERATE https://github.com/grokability/snipe-it
cvssv3.1 5.9 https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
generic_textual MODERATE https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
ssvc Track https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
cvssv3.1 5.9 https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
cvssv3.1_qr MODERATE https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
generic_textual MODERATE https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
ssvc Track https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2026-44833
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-44833
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-44833
https://nvd.nist.gov/vuln/detail/CVE-2026-44833
e37649212861a337e68a624e589c3540b7a82373 https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
GHSA-mghp-5cq4-v6mg https://github.com/advisories/GHSA-mghp-5cq4-v6mg
GHSA-mghp-5cq4-v6mg https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/grokability/snipe-it
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/ Found at https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/ Found at https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2026-44833
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.0209
EPSS Score 0.00013
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:42:44.493728+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/44xxx/CVE-2026-44833.json 38.6.0