PatchSiren cyber security CVE debrief
CVE-2026-55452 grokability CVE debrief
CVE-2026-55452 is a medium-severity vulnerability in Snipe-IT, an IT asset/license management system. Prior to version 8.5.0, a low-privileged authenticated user could store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. The vulnerability arises from the Actionlog::logaction() function storing the request User-Agent header and ReportsController::postActivityReport() writing that value to the Activity Report CSV without formula escaping. This allows potential execution of malicious formulas when the CSV is opened. Users of Snipe-IT versions prior to 8.5.0 should apply the patch to prevent potential exploitation. This requires attention from administrators and security teams responsible for IT asset management systems. The CVE record was published on 2026-07-10T20:16:46.590Z and has not been modified since then. The NVD entry is currently 4.8 MEDIUM. Evidence is limited to CVE and NVD details.
- Vendor
- grokability
- Product
- snipe-it
- CVSS
- MEDIUM 4.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of Snipe-IT versions prior to 8.5.0 should apply the patch to prevent potential exploitation. This requires attention from administrators and security teams responsible for IT asset management systems.
Technical summary
The vulnerability in Snipe-IT arises from the Actionlog::logaction() function storing the request User-Agent header and ReportsController::postActivityReport() writing that value to the Activity Report CSV without formula escaping. This allows a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. The issue is fixed in version 8.5.0. Limited details are available about the specific conditions required for exploitation. The CVE record and NVD entry provide the primary source information for this vulnerability.
Defensive priority
Apply the patch to Snipe-IT by upgrading to version 8.5.0 or later. Review User-Agent logging and CSV export practices to ensure proper escaping of user input. Monitor for suspicious User-Agent strings in logs. Restrict access to Activity Reports to authorized personnel. Consider compensating controls for exposed systems while remediation is scheduled and verified. Track exceptions, retest remediated assets, and close the item only after evidence is documented. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up. Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed. Check relevant monitoring, detection, and logs for exposed assets that need extra review. Ensure proper change management for updates and verify remediation effectiveness.
Recommended defensive actions
- Upgrade Snipe-IT to version 8.5.0 or later
- Review and adjust User-Agent logging and CSV export practices to ensure proper escaping of user input
- Monitor for suspicious User-Agent strings in logs
- Restrict access to Activity Reports to authorized personnel
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
The CVE record was published on 2026-07-10T20:16:46.590Z and has not been modified since then. The NVD entry is currently 4.8 MEDIUM. Limited details are available about the specific conditions required for exploitation. The vulnerability arises from the Actionlog::logaction() function storing the request User-Agent header and ReportsController::postActivityReport() writing that value to the Activity Report CSV without formula escaping. This allows a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. Evidence is limited to CVE and NVD details.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T20:16:46.590Z and has not been modified since then.