CVE-2026-44833 MEDIUM

CVE-2026-44833: Snipe-IT: Open redirect vulnerability

Vendor Grokability
Product snipe-it
Weakness CWE-601 · Open redirect
Published May 26, 2026
Last update May 27, 2026

CVSS base score

5.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via an unvalidated HTTP Referer header that is stored in a session variable. This vulnerability is fixed in 8.4.1.
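
One way to validate a Referer-derived redirect target before it is stored in the session, shown as an added example that is not Snipe-IT's code or its 8.4.1 fix. The function name `safeBackUrl`, the `back_url` key, and the host `assets.example.test` are assumptions made for illustration.

```php
<?php
// Added example, not Snipe-IT code. Function name, session key and hosts are hypothetical.

/**
 * Return $candidate if it is safe to keep as a later redirect target, else $fallback.
 * Accepted: single-slash local paths and absolute URLs with the application's origin.
 */
function safeBackUrl(?string $candidate, string $appUrl, string $fallback = '/'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;
    }
    // Reject whitespace, control characters and backslashes (browsers may treat "\" as "/").
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    // Local path: exactly one leading "/" ("//host" is a protocol-relative URL).
    if ($candidate[0] === '/') {
        return (strlen($candidate) > 1 && $candidate[1] === '/') ? $fallback : $candidate;
    }
    $target = parse_url($candidate);
    $app    = parse_url($appUrl);
    if (!is_array($target) || !is_array($app)
        || !isset($target['scheme'], $target['host'], $app['scheme'], $app['host'])) {
        return $fallback;
    }
    // Refuse userinfo such as "https://trusted-name@other-host/".
    if (isset($target['user']) || isset($target['pass'])) {
        return $fallback;
    }
    $defaults   = ['http' => 80, 'https' => 443];
    $tScheme    = strtolower($target['scheme']);
    $aScheme    = strtolower($app['scheme']);
    $tPort      = $target['port'] ?? ($defaults[$tScheme] ?? null);
    $aPort      = $app['port'] ?? ($defaults[$aScheme] ?? null);
    $sameOrigin = $tScheme === $aScheme && $tPort === $aPort
        && strtolower($target['host']) === strtolower($app['host']);
    return $sameOrigin ? $candidate : $fallback;
}

// Constructed sample Referer values; $session stands in for the real session store.
$appUrl  = 'https://assets.example.test';
$samples = ['https://assets.example.test/hardware/12', '/licenses', '//other.example/x',
            'https://other.example/login', 'https://assets.example.test@other.example/',
            'http://assets.example.test/hardware', '/\\other.example'];
foreach ($samples as $referer) {
    $session = ['back_url' => safeBackUrl($referer, $appUrl)];
    printf("%-45s => %s\n", $referer, $session['back_url']);
}
```

Validating at the point where the value is written to the session, and again where the redirect is issued, keeps a value stored before the check was deployed from being followed later.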

Key dates

02 Disclosure timeline

May 26, 2026 CVE published
May 27, 2026 Record updated