CVE-2026-46683
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option.
Risk Assessment
This vulnerability may lead to unauthorized access to local files and potential SSRF attacks, posing a threat to the application's security and the organization's data.
Recommendation
It is recommended to update the Snappy library to version 1.7.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.

