Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    126 vulnerabilities by snipeitapp

    CVE-2026-55843 (GCVE-0-2026-55843)

    Vulnerability from nvd – Published: 2026-07-10 18:33 – Updated: 2026-07-13 14:54
    VLAI
    Title
    Snipe-IT: Improper Privilege Management
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target’s administrative or granular permissions. This issue is fixed in version 8.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T14:53:48.248969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T14:54:19.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user\u2019s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target\u2019s administrative or granular permissions. This issue is fixed in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:33:09.250Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0"
            }
          ],
          "source": {
            "advisory": "GHSA-j5g3-42wp-gqm3",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Improper Privilege Management"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55843",
        "datePublished": "2026-07-10T18:33:09.250Z",
        "dateReserved": "2026-06-17T16:29:38.865Z",
        "dateUpdated": "2026-07-13T14:54:19.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55516 (GCVE-0-2026-55516)

    Vulnerability from nvd – Published: 2026-07-10 18:31 – Updated: 2026-07-10 18:31
    VLAI
    Title
    Snipe-IT: Cross-company asset maintenance re-parenting via API update
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:31:57.507Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-575r-357h-fhch",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-575r-357h-fhch"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/905d498ecdb0ee5591231c97bf48435e92044368",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/905d498ecdb0ee5591231c97bf48435e92044368"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-575r-357h-fhch",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-company asset maintenance re-parenting via API update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55516",
        "datePublished": "2026-07-10T18:31:57.507Z",
        "dateReserved": "2026-06-16T22:44:22.284Z",
        "dateUpdated": "2026-07-10T18:31:57.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55478 (GCVE-0-2026-55478)

    Vulnerability from nvd – Published: 2026-07-10 18:34 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: Missing object-level authorization in Kits API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should not be able to access or manage into a kit. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:19.627117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:14.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should not be able to access or manage into a kit. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:34:15.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-crv3-j83j-f3r6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-crv3-j83j-f3r6"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/0d870d540d27107634f3134e0e7f106b3faa6992",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/0d870d540d27107634f3134e0e7f106b3faa6992"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-crv3-j83j-f3r6",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Missing object-level authorization in Kits API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55478",
        "datePublished": "2026-07-10T18:34:15.757Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T20:58:14.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55476 (GCVE-0-2026-55476)

    Vulnerability from nvd – Published: 2026-07-10 18:35 – Updated: 2026-07-13 16:15
    VLAI
    Title
    Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user’s pending asset requests. This issue is fixed in version 8.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T16:15:42.883304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T16:15:56.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user\u2019s pending asset requests. This issue is fixed in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:35:49.893Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0"
            }
          ],
          "source": {
            "advisory": "GHSA-53jc-27pc-x8r8",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55476",
        "datePublished": "2026-07-10T18:35:49.893Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-13T16:15:56.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55474 (GCVE-0-2026-55474)

    Vulnerability from nvd – Published: 2026-07-10 18:29 – Updated: 2026-07-10 19:12
    VLAI
    Title
    Snipe-IT: Directory traversal in displaySig
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T19:12:19.818201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T19:12:30.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:29:56.511Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/18927",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/18927"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0"
            }
          ],
          "source": {
            "advisory": "GHSA-c6f4-wj38-m3g3",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Directory traversal in displaySig"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55474",
        "datePublished": "2026-07-10T18:29:56.511Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T19:12:30.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55472 (GCVE-0-2026-55472)

    Vulnerability from nvd – Published: 2026-07-10 18:36 – Updated: 2026-07-13 18:22
    VLAI
    Title
    Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:22:35.325309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:22:44.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:36:58.923Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8w8c-8mx9-52cw",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55472",
        "datePublished": "2026-07-10T18:36:58.923Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-13T18:22:44.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55464 (GCVE-0-2026-55464)

    Vulnerability from nvd – Published: 2026-07-10 18:40 – Updated: 2026-07-13 15:00
    VLAI
    Title
    Snipe-IT: Stored XSS via Markdown custom field
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55464",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:00:11.543277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:00:18.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:40:42.050Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-r52f-r9v5-66xr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Stored XSS via Markdown custom field"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55464",
        "datePublished": "2026-07-10T18:40:42.050Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-13T15:00:18.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55460 (GCVE-0-2026-55460)

    Vulnerability from nvd – Published: 2026-07-10 18:39 – Updated: 2026-07-10 18:39
    VLAI
    Title
    Snipe-IT: Authorization bypass on bulk editing users
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:39:22.370Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-vgx7-c78r-69w9",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Authorization bypass on bulk editing users"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55460",
        "datePublished": "2026-07-10T18:39:22.370Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T18:39:22.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54329 (GCVE-0-2026-54329)

    Vulnerability from nvd – Published: 2026-07-10 18:26 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:21.168886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:22.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:26:44.378Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-pwpj-p52h-q484",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54329",
        "datePublished": "2026-07-10T18:26:44.378Z",
        "dateReserved": "2026-06-12T18:42:02.224Z",
        "dateUpdated": "2026-07-10T20:58:22.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48492 (GCVE-0-2026-48492)

    Vulnerability from nvd – Published: 2026-07-08 21:11 – Updated: 2026-07-09 14:17
    VLAI
    Title
    Snipe-IT's selectlist visibility is too permissive
    Summary
    Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This exposes usernames, display names, employee numbers, and user IDs for every active account in the system if FMCS is not enabled, and within the company they belong to if FMCS is enabled. Version 8.6.1 contains a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:17:23.239977Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:17:32.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This exposes usernames, display names, employee numbers, and user IDs for every active account in the system if FMCS is not enabled, and within the company they belong to if FMCS is enabled. Version 8.6.1 contains a patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T21:11:19.698Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-f3c5-6cw8-fg57",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-f3c5-6cw8-fg57"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/4f943d4a7ab8e53f3d9e32770602d1118bab005f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/4f943d4a7ab8e53f3d9e32770602d1118bab005f"
            }
          ],
          "source": {
            "advisory": "GHSA-f3c5-6cw8-fg57",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT\u0027s selectlist visibility is too permissive"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48492",
        "datePublished": "2026-07-08T21:11:19.698Z",
        "dateReserved": "2026-05-21T15:33:08.292Z",
        "dateUpdated": "2026-07-09T14:17:32.841Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55542 (GCVE-0-2026-55542)

    Vulnerability from nvd – Published: 2026-07-08 20:32 – Updated: 2026-07-09 13:28
    VLAI
    Title
    Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL
    Summary
    Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55542",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:27:48.122702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:28:25.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:32:14.897Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6mmj-jhqj-6c6q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6mmj-jhqj-6c6q"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/ded6515cbc27a28f07395da318483c2e96263259",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/ded6515cbc27a28f07395da318483c2e96263259"
            }
          ],
          "source": {
            "advisory": "GHSA-6mmj-jhqj-6c6q",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT\u0027s S3 signature image retrieval lacks authorization before temporary URL"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55542",
        "datePublished": "2026-07-08T20:32:14.897Z",
        "dateReserved": "2026-06-16T23:01:04.074Z",
        "dateUpdated": "2026-07-09T13:28:25.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48493 (GCVE-0-2026-48493)

    Vulnerability from nvd – Published: 2026-06-23 22:11 – Updated: 2026-06-25 13:01
    VLAI
    Title
    Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment
    Summary
    Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example `assets.view`, `assets.create`, `reports.view`, import, etc. The issue is patched in version 8.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48493",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T13:00:57.003096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T13:01:19.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser \u2014 for example `assets.view`, `assets.create`, `reports.view`, import, etc. The issue is patched in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T22:11:06.847Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-52fw-7fw2-fmv5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-52fw-7fw2-fmv5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/19024",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/19024"
            }
          ],
          "source": {
            "advisory": "GHSA-52fw-7fw2-fmv5",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48493",
        "datePublished": "2026-06-23T22:11:06.847Z",
        "dateReserved": "2026-05-21T15:33:08.292Z",
        "dateUpdated": "2026-06-25T13:01:19.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48507 (GCVE-0-2026-48507)

    Vulnerability from nvd – Published: 2026-06-08 15:41 – Updated: 2026-06-08 18:03
    VLAI
    Title
    Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users
    Summary
    Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T18:02:32.917829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T18:03:30.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance  by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:41:01.840Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a"
            }
          ],
          "source": {
            "advisory": "GHSA-6f75-x745-xcpr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48507",
        "datePublished": "2026-06-08T15:41:01.840Z",
        "dateReserved": "2026-05-21T16:18:10.618Z",
        "dateUpdated": "2026-06-08T18:03:30.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44833 (GCVE-0-2026-44833)

    Vulnerability from nvd – Published: 2026-05-26 19:30 – Updated: 2026-05-27 14:21
    VLAI
    Title
    Snipe-IT: Open redirect vulnerability
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:20:51.410457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:21:12.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T19:30:48.852Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373"
            }
          ],
          "source": {
            "advisory": "GHSA-mghp-5cq4-v6mg",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Open redirect vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44833",
        "datePublished": "2026-05-26T19:30:48.852Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-05-27T14:21:12.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44832 (GCVE-0-2026-44832)

    Vulnerability from nvd – Published: 2026-05-26 19:29 – Updated: 2026-07-02 14:48
    VLAI
    Title
    Snipe-IT: Privilege Escalation via API Permissions Assignment
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper Preservation of Permissions
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44832",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:05:22.538613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:05:43.303Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281: Improper Preservation of Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:48:03.288Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569"
            }
          ],
          "source": {
            "advisory": "GHSA-hq28-crg7-95pr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Privilege Escalation via API Permissions Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44832",
        "datePublished": "2026-05-26T19:29:31.026Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-07-02T14:48:03.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44831 (GCVE-0-2026-44831)

    Vulnerability from nvd – Published: 2026-05-26 19:27 – Updated: 2026-05-27 16:08
    VLAI
    Title
    Snipe-IT: XSS vulnerability in component notes
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T16:05:13.462354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T16:08:45.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T19:27:16.856Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438"
            }
          ],
          "source": {
            "advisory": "GHSA-r42m-953q-6vjx",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: XSS vulnerability in component notes"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44831",
        "datePublished": "2026-05-26T19:27:16.856Z",
        "dateReserved": "2026-05-07T21:21:48.351Z",
        "dateUpdated": "2026-05-27T16:08:45.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55464 (GCVE-0-2026-55464)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:40 – Updated: 2026-07-13 15:00
    VLAI
    Title
    Snipe-IT: Stored XSS via Markdown custom field
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55464",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:00:11.543277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:00:18.011Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:40:42.050Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-r52f-r9v5-66xr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Stored XSS via Markdown custom field"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55464",
        "datePublished": "2026-07-10T18:40:42.050Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-13T15:00:18.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55460 (GCVE-0-2026-55460)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:39 – Updated: 2026-07-10 18:39
    VLAI
    Title
    Snipe-IT: Authorization bypass on bulk editing users
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:39:22.370Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-vgx7-c78r-69w9",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Authorization bypass on bulk editing users"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55460",
        "datePublished": "2026-07-10T18:39:22.370Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T18:39:22.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55472 (GCVE-0-2026-55472)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:36 – Updated: 2026-07-13 18:22
    VLAI
    Title
    Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:22:35.325309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:22:44.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:36:58.923Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8w8c-8mx9-52cw",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55472",
        "datePublished": "2026-07-10T18:36:58.923Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-13T18:22:44.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55476 (GCVE-0-2026-55476)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:35 – Updated: 2026-07-13 16:15
    VLAI
    Title
    Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user’s pending asset requests. This issue is fixed in version 8.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T16:15:42.883304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T16:15:56.129Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user\u2019s pending asset requests. This issue is fixed in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:35:49.893Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0"
            }
          ],
          "source": {
            "advisory": "GHSA-53jc-27pc-x8r8",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55476",
        "datePublished": "2026-07-10T18:35:49.893Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-13T16:15:56.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55478 (GCVE-0-2026-55478)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:34 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: Missing object-level authorization in Kits API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should not be able to access or manage into a kit. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:19.627117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:14.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should not be able to access or manage into a kit. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:34:15.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-crv3-j83j-f3r6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-crv3-j83j-f3r6"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/0d870d540d27107634f3134e0e7f106b3faa6992",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/0d870d540d27107634f3134e0e7f106b3faa6992"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-crv3-j83j-f3r6",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Missing object-level authorization in Kits API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55478",
        "datePublished": "2026-07-10T18:34:15.757Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T20:58:14.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55843 (GCVE-0-2026-55843)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:33 – Updated: 2026-07-13 14:54
    VLAI
    Title
    Snipe-IT: Improper Privilege Management
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target’s administrative or granular permissions. This issue is fixed in version 8.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T14:53:48.248969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T14:54:19.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user\u2019s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target\u2019s administrative or granular permissions. This issue is fixed in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:33:09.250Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0"
            }
          ],
          "source": {
            "advisory": "GHSA-j5g3-42wp-gqm3",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Improper Privilege Management"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55843",
        "datePublished": "2026-07-10T18:33:09.250Z",
        "dateReserved": "2026-06-17T16:29:38.865Z",
        "dateUpdated": "2026-07-13T14:54:19.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55516 (GCVE-0-2026-55516)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:31 – Updated: 2026-07-10 18:31
    VLAI
    Title
    Snipe-IT: Cross-company asset maintenance re-parenting via API update
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:31:57.507Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-575r-357h-fhch",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-575r-357h-fhch"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/905d498ecdb0ee5591231c97bf48435e92044368",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/905d498ecdb0ee5591231c97bf48435e92044368"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-575r-357h-fhch",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-company asset maintenance re-parenting via API update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55516",
        "datePublished": "2026-07-10T18:31:57.507Z",
        "dateReserved": "2026-06-16T22:44:22.284Z",
        "dateUpdated": "2026-07-10T18:31:57.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55474 (GCVE-0-2026-55474)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:29 – Updated: 2026-07-10 19:12
    VLAI
    Title
    Snipe-IT: Directory traversal in displaySig
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T19:12:19.818201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T19:12:30.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:29:56.511Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/18927",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/18927"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0"
            }
          ],
          "source": {
            "advisory": "GHSA-c6f4-wj38-m3g3",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Directory traversal in displaySig"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55474",
        "datePublished": "2026-07-10T18:29:56.511Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T19:12:30.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54329 (GCVE-0-2026-54329)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:26 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:21.168886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:22.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:26:44.378Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-pwpj-p52h-q484",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54329",
        "datePublished": "2026-07-10T18:26:44.378Z",
        "dateReserved": "2026-06-12T18:42:02.224Z",
        "dateUpdated": "2026-07-10T20:58:22.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48492 (GCVE-0-2026-48492)

    Vulnerability from cvelistv5 – Published: 2026-07-08 21:11 – Updated: 2026-07-09 14:17
    VLAI
    Title
    Snipe-IT's selectlist visibility is too permissive
    Summary
    Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This exposes usernames, display names, employee numbers, and user IDs for every active account in the system if FMCS is not enabled, and within the company they belong to if FMCS is enabled. Version 8.6.1 contains a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:17:23.239977Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:17:32.841Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This exposes usernames, display names, employee numbers, and user IDs for every active account in the system if FMCS is not enabled, and within the company they belong to if FMCS is enabled. Version 8.6.1 contains a patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T21:11:19.698Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-f3c5-6cw8-fg57",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-f3c5-6cw8-fg57"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/4f943d4a7ab8e53f3d9e32770602d1118bab005f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/4f943d4a7ab8e53f3d9e32770602d1118bab005f"
            }
          ],
          "source": {
            "advisory": "GHSA-f3c5-6cw8-fg57",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT\u0027s selectlist visibility is too permissive"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48492",
        "datePublished": "2026-07-08T21:11:19.698Z",
        "dateReserved": "2026-05-21T15:33:08.292Z",
        "dateUpdated": "2026-07-09T14:17:32.841Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55542 (GCVE-0-2026-55542)

    Vulnerability from cvelistv5 – Published: 2026-07-08 20:32 – Updated: 2026-07-09 13:28
    VLAI
    Title
    Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL
    Summary
    Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55542",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T13:27:48.122702Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T13:28:25.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 1.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T20:32:14.897Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6mmj-jhqj-6c6q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6mmj-jhqj-6c6q"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/ded6515cbc27a28f07395da318483c2e96263259",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/ded6515cbc27a28f07395da318483c2e96263259"
            }
          ],
          "source": {
            "advisory": "GHSA-6mmj-jhqj-6c6q",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT\u0027s S3 signature image retrieval lacks authorization before temporary URL"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55542",
        "datePublished": "2026-07-08T20:32:14.897Z",
        "dateReserved": "2026-06-16T23:01:04.074Z",
        "dateUpdated": "2026-07-09T13:28:25.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48493 (GCVE-0-2026-48493)

    Vulnerability from cvelistv5 – Published: 2026-06-23 22:11 – Updated: 2026-06-25 13:01
    VLAI
    Title
    Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment
    Summary
    Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example `assets.view`, `assets.create`, `reports.view`, import, etc. The issue is patched in version 8.6.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48493",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T13:00:57.003096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T13:01:19.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser \u2014 for example `assets.view`, `assets.create`, `reports.view`, import, etc. The issue is patched in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T22:11:06.847Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-52fw-7fw2-fmv5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-52fw-7fw2-fmv5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/19024",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/19024"
            }
          ],
          "source": {
            "advisory": "GHSA-52fw-7fw2-fmv5",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48493",
        "datePublished": "2026-06-23T22:11:06.847Z",
        "dateReserved": "2026-05-21T15:33:08.292Z",
        "dateUpdated": "2026-06-25T13:01:19.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48507 (GCVE-0-2026-48507)

    Vulnerability from cvelistv5 – Published: 2026-06-08 15:41 – Updated: 2026-06-08 18:03
    VLAI
    Title
    Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users
    Summary
    Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T18:02:32.917829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T18:03:30.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance  by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:41:01.840Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a"
            }
          ],
          "source": {
            "advisory": "GHSA-6f75-x745-xcpr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-48507",
        "datePublished": "2026-06-08T15:41:01.840Z",
        "dateReserved": "2026-05-21T16:18:10.618Z",
        "dateUpdated": "2026-06-08T18:03:30.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44833 (GCVE-0-2026-44833)

    Vulnerability from cvelistv5 – Published: 2026-05-26 19:30 – Updated: 2026-05-27 14:21
    VLAI
    Title
    Snipe-IT: Open redirect vulnerability
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.4.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T14:20:51.410457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T14:21:12.573Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.4.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T19:30:48.852Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373"
            }
          ],
          "source": {
            "advisory": "GHSA-mghp-5cq4-v6mg",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Open redirect vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-44833",
        "datePublished": "2026-05-26T19:30:48.852Z",
        "dateReserved": "2026-05-07T21:21:48.352Z",
        "dateUpdated": "2026-05-27T14:21:12.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }