CVE-2026-55469: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in grokability snipe-it
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2.
AI Analysis
Technical Summary
CVE-2026-55469 is a path traversal vulnerability (CWE-22) in the grokability Snipe-IT IT asset/license management system. Authenticated users with import and assets.update permissions can exploit this by inserting a path traversal string in an asset image field during CSV import. This can then be used to trigger deletion of arbitrary files accessible to the server process. The issue affects all versions prior to 8.6.2 and is resolved in 8.6.2.
Potential Impact
An attacker with the required permissions can delete arbitrary files on the server running Snipe-IT, potentially disrupting service or causing data loss. The vulnerability does not impact confidentiality but affects integrity and availability of the system.
Mitigation Recommendations
Upgrade Snipe-IT to version 8.6.2 or later, where this vulnerability is fixed. No other official remediation or temporary fix is documented. Restrict import and assets.update permissions to trusted users only until the upgrade is applied.
CVE-2026-55469: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in grokability snipe-it
Description
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2.
CVSS v3.1
Score 6.5medium
Affected software
pkg:github/grokability/snipe-itRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-55469 is a path traversal vulnerability (CWE-22) in the grokability Snipe-IT IT asset/license management system. Authenticated users with import and assets.update permissions can exploit this by inserting a path traversal string in an asset image field during CSV import. This can then be used to trigger deletion of arbitrary files accessible to the server process. The issue affects all versions prior to 8.6.2 and is resolved in 8.6.2.
Potential Impact
An attacker with the required permissions can delete arbitrary files on the server running Snipe-IT, potentially disrupting service or causing data loss. The vulnerability does not impact confidentiality but affects integrity and availability of the system.
Mitigation Recommendations
Upgrade Snipe-IT to version 8.6.2 or later, where this vulnerability is fixed. No other official remediation or temporary fix is documented. Restrict import and assets.update permissions to trusted users only until the upgrade is applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-06-16T22:10:37.608Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a51500968715ace431e0bd9
Added to database: 07/10/2026, 20:03:21 UTC
Last enriched: 07/10/2026, 20:18:06 UTC
Last updated: 07/10/2026, 20:48:20 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.