PatchSiren cyber security CVE debrief
CVE-2026-46683 KnpLabs CVE debrief
CVE-2026-46683 is a medium-severity vulnerability in the Snappy PHP library, which allows for Server-Side Request Forgery (SSRF) and local file read attacks. This issue is resolved in version 1.7.0.
- Vendor: KnpLabs
- Product: snappy
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Users of the Snappy PHP library, particularly those who generate thumbnails, snapshots, or PDFs from URLs or HTML pages, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The Snappy PHP library, used for generating thumbnails, snapshots, or PDFs from URLs or HTML pages, is vulnerable to SSRF and local file read attacks via the xsl-style-sheet option. This vulnerability has been patched in version 1.7.0.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the Snappy PHP library to version 1.7.0 or later.
- Review and restrict usage of the xsl-style-sheet option to minimize exposure.
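A triage sketch for the two actions above, added here as an example and not taken from the advisory or from KnpLabs: it checks the Snappy version pinned in `composer.lock` against 1.7.0 and lists every PHP line that references the `xsl-style-sheet` option. The Composer package name `knplabs/knp-snappy`, the file paths and the sample inputs are assumptions constructed for illustration.

```python
import json
import re

FIXED = (1, 7, 0)               # first patched release, per the advisory
PACKAGE = "knplabs/knp-snappy"  # assumption: Snappy's Composer package name
OPTION = re.compile(r"""['"]xsl-style-sheet['"]""")

# Constructed sample inputs; in practice read composer.lock and your *.php files.
SAMPLE_LOCK = json.dumps({"packages": [{"name": PACKAGE, "version": "v1.6.0"}]})
SAMPLE_SOURCES = {
    "src/Report.php": "<?php\n$pdf->setOption('xsl-style-sheet', $userStyle);\n",
    "src/Invoice.php": "<?php\n$pdf->setOption('page-size', 'A4');\n",
}

def parse_version(text):
    """Map 'v1.6.0' to (1, 6, 0); pre-release suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    # dev-main, commit hashes and similar cannot be compared: return None
    return tuple(int(g or 0) for g in m.groups()) if m else None

def locked_version(lock_text):
    """Return the version string composer.lock pins for Snappy, or None."""
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name", "").lower() == PACKAGE:
            return pkg.get("version")
    return None

def option_uses(sources):
    """List (path, line number, line) for every reference to the option."""
    return [(path, n, line.strip())
            for path, text in sorted(sources.items())
            for n, line in enumerate(text.splitlines(), 1)
            if OPTION.search(line)]

def audit(lock_text, sources):
    version = locked_version(lock_text)
    parsed = parse_version(version) if version else None
    if version is None:
        status = "not-installed"
    elif parsed is None:
        status = "review"        # unparseable version: check by hand
    else:
        status = "vulnerable" if parsed < FIXED else "patched"
    return {"version": version, "status": status,
            "xsl_uses": option_uses(sources)}

if __name__ == "__main__":
    print(audit(SAMPLE_LOCK, SAMPLE_SOURCES))
```

Each hit in `xsl_uses` is a call site to review: confirm the option value is a fixed, application-controlled stylesheet and not derived from request data.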
Evidence notes
CVE-2026-46683 has a CVSS score of 6.9 and is classified as MEDIUM severity. The vulnerability was published on 2026-06-10T20:17:29.017Z and last modified on 2026-06-10T20:21:20.207Z.
Official resources
CVE-2026-46683 was published on 2026-06-10T20:17:29.017Z and last modified on 2026-06-10T20:21:20.207Z.