A vulnerability was found in grokability snipe-it up to 8.6.1. It has been classified as problematic. This affects the function
StorageHelper::allowSafeInline of the component UploadFileRequest. This manipulation causes permissive cross-domain policy with untrusted domains.
The identification of this vulnerability is CVE-2026-55466. It is possible to initiate the attack remotely. There is no exploit available.