A vulnerability labeled as critical has been found in grokability snipe-it up to 8.4.x. This issue affects the function
displaySig of the component Actionlog Controller. Executing a manipulation of the argument filename can lead to unrestricted upload.
This vulnerability is registered as CVE-2026-55474. It is possible to launch the attack remotely. No exploit is available.