PatchSiren cyber security CVE debrief
CVE-2026-55481 grokability CVE debrief
CVE-2026-55481 is an issue in Snipe-IT, an IT asset/license management system, where the default.blade.php file does not properly escape HTML in header_color and related branding color settings within a CSS style block. This insufficient escaping allows a superadmin to inject arbitrary CSS, which affects authenticated users on subsequent page loads when Content Security Policy (CSP) is disabled. The issue was fixed in version 8.6.2.
- Vendor
- grokability
- Product
- snipe-it
- CVSS
- MEDIUM 6.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of Snipe-IT versions prior to 8.6.2 should be aware of this vulnerability, especially in environments where Content Security Policy is disabled or not strictly enforced. Superadmins with access to customize branding settings are at risk of exploitation.
Technical summary
The vulnerability exists in the default.blade.php file of Snipe-IT, where user-inputted data for header_color and related branding settings is not properly escaped within a CSS style block. This allows for the injection of arbitrary CSS code by a superadmin, which can then be executed on the browsers of authenticated users. The impact is heightened in scenarios where Content Security Policy (CSP) is disabled, as it would otherwise mitigate such attacks.
Defensive priority
Medium priority should be given to updating Snipe-IT to version 8.6.2 or later, as the fix directly addresses the vulnerability. Additionally, enabling Content Security Policy (CSP) and ensuring it is properly configured can help mitigate the risk of exploitation.
Recommended defensive actions
- Update Snipe-IT to version 8.6.2 or later
- Enable and properly configure Content Security Policy (CSP)
- Restrict access to superadmin roles
- Monitor for suspicious CSS changes or anomalies in user sessions
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-10T20:16:47.587Z and has not been modified since then. The NVD entry is currently 6.2 MEDIUM. References include fixes and advisories from the Snipe-IT GitHub repository.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T20:16:47.587Z and has not been modified since then. The NVD entry is currently 6.2 MEDIUM.