CVE-2026-55474

Source
https://cve.org/CVERecord?id=CVE-2026-55474
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55474.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-55474
Aliases
  • GHSA-c6f4-wj38-m3g3
Published
2026-07-10T18:29:56.511Z
Modified
2026-07-15T01:49:08.597399010Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Snipe-IT: Directory traversal in displaySig
Details

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-23"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55474.json"
}
References

Affected packages

Git / github.com/grokability/snipe-it

Affected ranges

Type
GIT
Repo
https://github.com/grokability/snipe-it
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.5.0"
        }
    ]
}

Affected versions

3.*
3.2.0
5.*
5.1.7
v3.*
v3.0
v3.0-alpha
v3.0-alpha2
v3.0-beta.1
v3.0-beta.3
v3.0.0-beta
v3.1.0
v3.3.0-beta
v3.4.0-alpha
v3.4.0-beta
v3.5.0
v3.5.0-beta
v3.5.0-beta2
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v4.*
v4.0
v4.0-alpha-2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.6.0
v4.6.1
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.14
v4.6.15
v4.6.16
v4.6.17
v4.6.18
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.6.7
v4.6.8
v4.6.9
v4.7.0
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.7
v4.7.8
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v5.*
v5.0.0-beta-3.0
v5.0.0-beta-4
v5.0.0-beta-5
v5.0.0-beta-6-GM
v5.0.0-beta-7-GM
v5.0.10
v5.0.11
v5.0.12
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.6
v5.1.7
v5.1.8
v6.*
v6.0.0
v6.0.0-GM
v6.0.0-RC-1
v6.0.0-RC-2
v6.0.0-RC-3
v6.0.0-RC-4
v6.0.0-RC-5
v6.0.0-RC-6
v6.0.0-RC-7
v6.0.0-RC-8
v6.0.1
v6.0.10
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.3.0
v6.3.1
v7.*
v7.0.0-pre
v7.0.10
v7.0.13
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.1.14
v7.1.15
v8.*
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.1.1
v8.1.15
v8.1.16
v8.1.17
v8.1.18
v8.1.2
v8.1.3
v8.1.4
v8.2.0
v8.2.1
v8.3.0
v8.3.1
v8.3.2
v8.3.3
v8.4.0
v8.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55474.json"