Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-55464

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 6.9%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2026-55464


Contact Us

Shodan ® - All rights reserved