CVE Catalog

CVE-2026-46683

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option.

Risk Assessment

This vulnerability may lead to unauthorized access to local files and potential SSRF attacks, posing a threat to the application's security and the organization's data.

Recommendation

It is recommended to update the Snappy library to version 1.7.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS