Open redirect in snipe-it - CVE-2026-44833


Published: May 11, 2026


Vulnerability identifier: #VU130986
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-44833
CWE-ID: CWE-601
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
snipe-it
Software vendor:
snipe

Description

The vulnerability allows a remote user to redirect users to malicious sites.

The vulnerability exists due to URL redirection to an untrusted site in Helper::getRedirectOption(), which builds a redirect target from an unvalidated HTTP Referer header that has been stored in a session variable (back_url). A remote user can poison the session with a crafted back_url value to redirect users to malicious sites.

User interaction is required: the victim must click the "Save" action, and practical exploitation requires the session to have been poisoned beforehand.
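The defensive pattern for the flaw described above, as an added example that is not snipe-it's own code: a back_url captured from the Referer header and stored in the session is only honoured when it is a site-relative path or an https URL on the application's own host ($appHost and the session contents are assumed values constructed for the example), and a known-safe in-app route is used otherwise.

```php
<?php
// Added example, not snipe-it's code. Shows the unsafe pattern (trusting a
// Referer-derived session value as a redirect target) beside a hardened one.
declare(strict_types=1);

// Unsafe: whatever was stored from the Referer header is where the user goes.
function vulnerableRedirectTarget(array $session, string $fallback): string
{
    return $session['back_url'] ?? $fallback;
}

// Hardened: accept only a site-relative path or an https URL on $appHost
// (assumed application host); anything else falls back to a safe route.
function safeRedirectTarget(array $session, string $fallback, string $appHost): string
{
    $candidate = $session['back_url'] ?? '';
    if ($candidate === '') {
        return $fallback;
    }

    // A path is fine only with a single leading "/": "//host" and "/\host"
    // are protocol-relative and would leave the site.
    if ($candidate[0] === '/'
        && !str_starts_with($candidate, '//')
        && !str_starts_with($candidate, '/\\')) {
        return $candidate;
    }

    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Require https, reject embedded credentials, and demand an exact host match.
    if ($parts['scheme'] !== 'https' || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    if (strcasecmp($parts['host'], $appHost) !== 0) {
        return $fallback;
    }
    return $candidate;
}

// Constructed sample session states: one poisoned, one legitimate,
// one protocol-relative; the fallback route is an in-app listing page.
$poisoned = ['back_url' => 'https://attacker.example/landing'];
$legit    = ['back_url' => 'https://assets.example.com/hardware/42'];
$relative = ['back_url' => '//attacker.example/landing'];

echo vulnerableRedirectTarget($poisoned, '/hardware'), PHP_EOL;
echo safeRedirectTarget($poisoned, '/hardware', 'assets.example.com'), PHP_EOL;
echo safeRedirectTarget($legit, '/hardware', 'assets.example.com'), PHP_EOL;
echo safeRedirectTarget($relative, '/hardware', 'assets.example.com'), PHP_EOL;
```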


Remediation

Install security update from vendor's website.

External links