Search

Find a vulnerability

Search criteria

    50 vulnerabilities found for snipe-it by grokability

    CVE-2026-55515 (GCVE-0-2026-55515)

    Vulnerability from nvd – Published: 2026-07-10 19:36 – Updated: 2026-07-10 19:36
    VLAI
    Title
    Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpoint
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()->find($acceptanceId) by global ID without checking access to the related checkoutable asset, allowing a reports user in one company to delete pending checkout acceptance records for another company. This issue is fixed in version 8.6.2.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()-\u003efind($acceptanceId) by global ID without checking access to the related checkoutable asset, allowing a reports user in one company to delete pending checkout acceptance records for another company. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:36:45.157Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-35cr-9hqq-p2mg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-35cr-9hqq-p2mg"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/802067f3987a4b65bfc2efe60e22e07c24e01e6a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/802067f3987a4b65bfc2efe60e22e07c24e01e6a"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-35cr-9hqq-p2mg",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpoint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55515",
        "datePublished": "2026-07-10T19:36:45.157Z",
        "dateReserved": "2026-06-16T22:44:22.284Z",
        "dateUpdated": "2026-07-10T19:36:45.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55481 (GCVE-0-2026-55481)

    Vulnerability from nvd – Published: 2026-07-10 19:45 – Updated: 2026-07-10 19:45
    VLAI
    Title
    Snipe-IT: CSS Injection via `header_color` Setting
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticated users on subsequent page loads when Content Security Policy is disabled. This issue is fixed in version 8.6.2.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticated users on subsequent page loads when Content Security Policy is disabled. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:45:14.984Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-w7qw-5wfv-gwx9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-w7qw-5wfv-gwx9"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/19097",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/19097"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/c31190a128ec96fb34000a2f27eae198b1a51d40",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/c31190a128ec96fb34000a2f27eae198b1a51d40"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-w7qw-5wfv-gwx9",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: CSS Injection via `header_color` Setting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55481",
        "datePublished": "2026-07-10T19:45:14.984Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T19:45:14.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55479 (GCVE-0-2026-55479)

    Vulnerability from nvd – Published: 2026-07-10 19:40 – Updated: 2026-07-10 20:57
    VLAI
    Title
    Snipe-IT: Incorrect permission for legacy license checkin API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin endpoint and reclaim a license seat assigned to another user or asset. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:16.560216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:57:59.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin endpoint and reclaim a license seat assigned to another user or asset. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:40:52.446Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8frh-vhgh-64cf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8frh-vhgh-64cf"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/80c8aa41dc813b0815db00bb44eb0fff9f89a227",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/80c8aa41dc813b0815db00bb44eb0fff9f89a227"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8frh-vhgh-64cf",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Incorrect permission for legacy license checkin API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55479",
        "datePublished": "2026-07-10T19:40:52.446Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T20:57:59.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55475 (GCVE-0-2026-55475)

    Vulnerability from nvd – Published: 2026-07-10 19:43 – Updated: 2026-07-10 19:43
    VLAI
    Title
    Snipe-IT: Import created_by can be overwritten
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created_by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created_by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:43:56.948Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-5wx7-xq8j-v4qm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-5wx7-xq8j-v4qm"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/19072",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/19072"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/39fbe983132feca2ef15c1c0200fcc77c23a1434",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/39fbe983132feca2ef15c1c0200fcc77c23a1434"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.1"
            }
          ],
          "source": {
            "advisory": "GHSA-5wx7-xq8j-v4qm",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Import created_by can be overwritten"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55475",
        "datePublished": "2026-07-10T19:43:56.948Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T19:43:56.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55469 (GCVE-0-2026-55469)

    Vulnerability from nvd – Published: 2026-07-10 19:42 – Updated: 2026-07-10 20:16
    VLAI
    Title
    Snipe-IT: Path traversal vulnerability via CSV import `image` field
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:16:07.254592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:16:14.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:42:36.798Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-xr9m-gphc-9p63",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-xr9m-gphc-9p63"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/abc4363e8393b29a5566b8c50144426af72bbc97",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/abc4363e8393b29a5566b8c50144426af72bbc97"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-xr9m-gphc-9p63",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Path traversal vulnerability via CSV import `image` field"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55469",
        "datePublished": "2026-07-10T19:42:36.798Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T20:16:14.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55466 (GCVE-0-2026-55466)

    Vulnerability from nvd – Published: 2026-07-10 19:37 – Updated: 2026-07-10 19:37
    VLAI
    Title
    Snipe-IT: Stored XSS via inline-served attachment
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or XML content that is later served same-origin and executes JavaScript in a viewer’s browser. This issue is fixed in version 8.6.2.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or XML content that is later served same-origin and executes JavaScript in a viewer\u2019s browser. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:37:54.362Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-jhph-5q74-pmfx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-jhph-5q74-pmfx"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/000cea0a622d586366cf60d2240c7c2a4b17c955",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/000cea0a622d586366cf60d2240c7c2a4b17c955"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-jhph-5q74-pmfx",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Stored XSS via inline-served attachment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55466",
        "datePublished": "2026-07-10T19:37:54.362Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T19:37:54.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55462 (GCVE-0-2026-55462)

    Vulnerability from nvd – Published: 2026-07-10 19:35 – Updated: 2026-07-10 19:35
    VLAI
    Title
    Snipe-IT: Authorization bypass on print inventory page
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and cost/order metadata from modules that direct permissions would otherwise deny. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and cost/order metadata from modules that direct permissions would otherwise deny. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:35:05.107Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-fc33-6w3q-538h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-fc33-6w3q-538h"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-fc33-6w3q-538h",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Authorization bypass on print inventory page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55462",
        "datePublished": "2026-07-10T19:35:05.107Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T19:35:05.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55461 (GCVE-0-2026-55461)

    Vulnerability from nvd – Published: 2026-07-10 19:41 – Updated: 2026-07-10 19:41
    VLAI
    Title
    Snipe-IT: Open Redirect After User Edit
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect()->intended(...) when redirect_option=back is submitted, allowing Snipe-IT to be used as a trusted redirector after a legitimate user edit action. This issue is fixed in version 8.6.2.
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()-\u003eprevious() from the attacker-controlled Referer header into Laravel\u2019s intended URL session value and later uses redirect()-\u003eintended(...) when redirect_option=back is submitted, allowing Snipe-IT to be used as a trusted redirector after a legitimate user edit action. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:41:50.744Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-wg2f-x2c2-c4rp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-wg2f-x2c2-c4rp"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/f4cac9635868c020174361ad7a80b2545a4e7623",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/f4cac9635868c020174361ad7a80b2545a4e7623"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-wg2f-x2c2-c4rp",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Open Redirect After User Edit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55461",
        "datePublished": "2026-07-10T19:41:50.744Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T19:41:50.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55452 (GCVE-0-2026-55452)

    Vulnerability from nvd – Published: 2026-07-10 19:40 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: CSV formula injection in Activity Report export
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. This issue is fixed in version 8.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55452",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:18.107100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:08.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. This issue is fixed in version 8.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:40:05.790Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-whrx-mmgr-gpcf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-whrx-mmgr-gpcf"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/7b7d2c87fbc965a7933b1bf9e3f2c331b8c8e19c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/7b7d2c87fbc965a7933b1bf9e3f2c331b8c8e19c"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0"
            }
          ],
          "source": {
            "advisory": "GHSA-whrx-mmgr-gpcf",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: CSV formula injection in Activity Report export"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55452",
        "datePublished": "2026-07-10T19:40:05.790Z",
        "dateReserved": "2026-06-16T21:59:57.018Z",
        "dateUpdated": "2026-07-10T20:58:08.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55843 (GCVE-0-2026-55843)

    Vulnerability from nvd – Published: 2026-07-10 18:33 – Updated: 2026-07-10 18:33
    VLAI
    Title
    Snipe-IT: Improper Privilege Management
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target’s administrative or granular permissions. This issue is fixed in version 8.6.0.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user\u2019s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target\u2019s administrative or granular permissions. This issue is fixed in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:33:09.250Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-j5g3-42wp-gqm3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/1cff2d67aabd00ee51d864c1d7fb717494c1d6ad"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0"
            }
          ],
          "source": {
            "advisory": "GHSA-j5g3-42wp-gqm3",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Improper Privilege Management"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55843",
        "datePublished": "2026-07-10T18:33:09.250Z",
        "dateReserved": "2026-06-17T16:29:38.865Z",
        "dateUpdated": "2026-07-10T18:33:09.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55516 (GCVE-0-2026-55516)

    Vulnerability from nvd – Published: 2026-07-10 18:31 – Updated: 2026-07-10 18:31
    VLAI
    Title
    Snipe-IT: Cross-company asset maintenance re-parenting via API update
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset_id without re-authorizing the newly supplied asset, allowing an authorized user to move a maintenance record onto an asset outside their company scope. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:31:57.507Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-575r-357h-fhch",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-575r-357h-fhch"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/905d498ecdb0ee5591231c97bf48435e92044368",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/905d498ecdb0ee5591231c97bf48435e92044368"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-575r-357h-fhch",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-company asset maintenance re-parenting via API update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55516",
        "datePublished": "2026-07-10T18:31:57.507Z",
        "dateReserved": "2026-06-16T22:44:22.284Z",
        "dateUpdated": "2026-07-10T18:31:57.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55478 (GCVE-0-2026-55478)

    Vulnerability from nvd – Published: 2026-07-10 18:34 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: Missing object-level authorization in Kits API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should not be able to access or manage into a kit. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55478",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:19.627117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:14.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should not be able to access or manage into a kit. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:34:15.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-crv3-j83j-f3r6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-crv3-j83j-f3r6"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/0d870d540d27107634f3134e0e7f106b3faa6992",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/0d870d540d27107634f3134e0e7f106b3faa6992"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-crv3-j83j-f3r6",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Missing object-level authorization in Kits API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55478",
        "datePublished": "2026-07-10T18:34:15.757Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T20:58:14.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55476 (GCVE-0-2026-55476)

    Vulnerability from nvd – Published: 2026-07-10 18:35 – Updated: 2026-07-10 18:35
    VLAI
    Title
    Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user’s pending asset requests. This issue is fixed in version 8.6.0.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?} accepts cancel_by_admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that user\u2019s pending asset requests. This issue is fixed in version 8.6.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:35:49.893Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-53jc-27pc-x8r8"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/3c1b18919afbba12d419a9795929493b0391c91a"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/ac2162113d9e25e4c61b61916ce67fb2a1050553"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.0"
            }
          ],
          "source": {
            "advisory": "GHSA-53jc-27pc-x8r8",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55476",
        "datePublished": "2026-07-10T18:35:49.893Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T18:35:49.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55474 (GCVE-0-2026-55474)

    Vulnerability from nvd – Published: 2026-07-10 18:29 – Updated: 2026-07-10 19:12
    VLAI
    Title
    Snipe-IT: Directory traversal in displaySig
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55474",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T19:12:19.818201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T19:12:30.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:29:56.511Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-c6f4-wj38-m3g3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/18927",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/18927"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/cd69a7ea53e030e6e05f08be18daac672c8c4121"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0"
            }
          ],
          "source": {
            "advisory": "GHSA-c6f4-wj38-m3g3",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Directory traversal in displaySig"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55474",
        "datePublished": "2026-07-10T18:29:56.511Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T19:12:30.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55472 (GCVE-0-2026-55472)

    Vulnerability from nvd – Published: 2026-07-10 18:36 – Updated: 2026-07-10 18:36
    VLAI
    Title
    Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:36:58.923Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8w8c-8mx9-52cw",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55472",
        "datePublished": "2026-07-10T18:36:58.923Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T18:36:58.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55464 (GCVE-0-2026-55464)

    Vulnerability from nvd – Published: 2026-07-10 18:40 – Updated: 2026-07-10 18:40
    VLAI
    Title
    Snipe-IT: Stored XSS via Markdown custom field
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:40:42.050Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-r52f-r9v5-66xr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Stored XSS via Markdown custom field"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55464",
        "datePublished": "2026-07-10T18:40:42.050Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T18:40:42.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55460 (GCVE-0-2026-55460)

    Vulnerability from nvd – Published: 2026-07-10 18:39 – Updated: 2026-07-10 18:39
    VLAI
    Title
    Snipe-IT: Authorization bypass on bulk editing users
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:39:22.370Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-vgx7-c78r-69w9",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Authorization bypass on bulk editing users"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55460",
        "datePublished": "2026-07-10T18:39:22.370Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T18:39:22.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54329 (GCVE-0-2026-54329)

    Vulnerability from nvd – Published: 2026-07-10 18:26 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:21.168886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:22.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:26:44.378Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-pwpj-p52h-q484",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54329",
        "datePublished": "2026-07-10T18:26:44.378Z",
        "dateReserved": "2026-06-12T18:42:02.224Z",
        "dateUpdated": "2026-07-10T20:58:22.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55481 (GCVE-0-2026-55481)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:45 – Updated: 2026-07-10 19:45
    VLAI
    Title
    Snipe-IT: CSS Injection via `header_color` Setting
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticated users on subsequent page loads when Content Security Policy is disabled. This issue is fixed in version 8.6.2.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header_color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticated users on subsequent page loads when Content Security Policy is disabled. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:45:14.984Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-w7qw-5wfv-gwx9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-w7qw-5wfv-gwx9"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/19097",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/19097"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/c31190a128ec96fb34000a2f27eae198b1a51d40",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/c31190a128ec96fb34000a2f27eae198b1a51d40"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-w7qw-5wfv-gwx9",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: CSS Injection via `header_color` Setting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55481",
        "datePublished": "2026-07-10T19:45:14.984Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T19:45:14.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55475 (GCVE-0-2026-55475)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:43 – Updated: 2026-07-10 19:43
    VLAI
    Title
    Snipe-IT: Import created_by can be overwritten
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created_by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created_by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:43:56.948Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-5wx7-xq8j-v4qm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-5wx7-xq8j-v4qm"
            },
            {
              "name": "https://github.com/grokability/snipe-it/pull/19072",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/pull/19072"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/39fbe983132feca2ef15c1c0200fcc77c23a1434",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/39fbe983132feca2ef15c1c0200fcc77c23a1434"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.1"
            }
          ],
          "source": {
            "advisory": "GHSA-5wx7-xq8j-v4qm",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Import created_by can be overwritten"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55475",
        "datePublished": "2026-07-10T19:43:56.948Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T19:43:56.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55469 (GCVE-0-2026-55469)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:42 – Updated: 2026-07-10 20:16
    VLAI
    Title
    Snipe-IT: Path traversal vulnerability via CSV import `image` field
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:16:07.254592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:16:14.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the server process. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:42:36.798Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-xr9m-gphc-9p63",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-xr9m-gphc-9p63"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/abc4363e8393b29a5566b8c50144426af72bbc97",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/abc4363e8393b29a5566b8c50144426af72bbc97"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-xr9m-gphc-9p63",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Path traversal vulnerability via CSV import `image` field"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55469",
        "datePublished": "2026-07-10T19:42:36.798Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T20:16:14.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55461 (GCVE-0-2026-55461)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:41 – Updated: 2026-07-10 19:41
    VLAI
    Title
    Snipe-IT: Open Redirect After User Edit
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect()->intended(...) when redirect_option=back is submitted, allowing Snipe-IT to be used as a trusted redirector after a legitimate user edit action. This issue is fixed in version 8.6.2.
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url()-\u003eprevious() from the attacker-controlled Referer header into Laravel\u2019s intended URL session value and later uses redirect()-\u003eintended(...) when redirect_option=back is submitted, allowing Snipe-IT to be used as a trusted redirector after a legitimate user edit action. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:41:50.744Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-wg2f-x2c2-c4rp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-wg2f-x2c2-c4rp"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/f4cac9635868c020174361ad7a80b2545a4e7623",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/f4cac9635868c020174361ad7a80b2545a4e7623"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-wg2f-x2c2-c4rp",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Open Redirect After User Edit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55461",
        "datePublished": "2026-07-10T19:41:50.744Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T19:41:50.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55479 (GCVE-0-2026-55479)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:40 – Updated: 2026-07-10 20:57
    VLAI
    Title
    Snipe-IT: Incorrect permission for legacy license checkin API
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin endpoint and reclaim a license seat assigned to another user or asset. This issue is fixed in version 8.6.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:16.560216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:57:59.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin endpoint and reclaim a license seat assigned to another user or asset. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:40:52.446Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8frh-vhgh-64cf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8frh-vhgh-64cf"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/80c8aa41dc813b0815db00bb44eb0fff9f89a227",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/80c8aa41dc813b0815db00bb44eb0fff9f89a227"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8frh-vhgh-64cf",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Incorrect permission for legacy license checkin API"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55479",
        "datePublished": "2026-07-10T19:40:52.446Z",
        "dateReserved": "2026-06-16T22:28:27.061Z",
        "dateUpdated": "2026-07-10T20:57:59.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55452 (GCVE-0-2026-55452)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:40 – Updated: 2026-07-10 20:58
    VLAI
    Title
    Snipe-IT: CSV formula injection in Activity Report export
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. This issue is fixed in version 8.5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55452",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T20:46:18.107100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T20:58:08.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. This issue is fixed in version 8.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:40:05.790Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-whrx-mmgr-gpcf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-whrx-mmgr-gpcf"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/7b7d2c87fbc965a7933b1bf9e3f2c331b8c8e19c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/7b7d2c87fbc965a7933b1bf9e3f2c331b8c8e19c"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.5.0"
            }
          ],
          "source": {
            "advisory": "GHSA-whrx-mmgr-gpcf",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: CSV formula injection in Activity Report export"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55452",
        "datePublished": "2026-07-10T19:40:05.790Z",
        "dateReserved": "2026-06-16T21:59:57.018Z",
        "dateUpdated": "2026-07-10T20:58:08.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55466 (GCVE-0-2026-55466)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:37 – Updated: 2026-07-10 19:37
    VLAI
    Title
    Snipe-IT: Stored XSS via inline-served attachment
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or XML content that is later served same-origin and executes JavaScript in a viewer’s browser. This issue is fixed in version 8.6.2.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or XML content that is later served same-origin and executes JavaScript in a viewer\u2019s browser. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:37:54.362Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-jhph-5q74-pmfx",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-jhph-5q74-pmfx"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/000cea0a622d586366cf60d2240c7c2a4b17c955",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/000cea0a622d586366cf60d2240c7c2a4b17c955"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-jhph-5q74-pmfx",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Stored XSS via inline-served attachment"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55466",
        "datePublished": "2026-07-10T19:37:54.362Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T19:37:54.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55515 (GCVE-0-2026-55515)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:36 – Updated: 2026-07-10 19:36
    VLAI
    Title
    Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpoint
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()->find($acceptanceId) by global ID without checking access to the related checkoutable asset, allowing a reports user in one company to delete pending checkout acceptance records for another company. This issue is fixed in version 8.6.2.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending()-\u003efind($acceptanceId) by global ID without checking access to the related checkoutable asset, allowing a reports user in one company to delete pending checkout acceptance records for another company. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:36:45.157Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-35cr-9hqq-p2mg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-35cr-9hqq-p2mg"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/802067f3987a4b65bfc2efe60e22e07c24e01e6a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/802067f3987a4b65bfc2efe60e22e07c24e01e6a"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-35cr-9hqq-p2mg",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpoint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55515",
        "datePublished": "2026-07-10T19:36:45.157Z",
        "dateReserved": "2026-06-16T22:44:22.284Z",
        "dateUpdated": "2026-07-10T19:36:45.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55462 (GCVE-0-2026-55462)

    Vulnerability from cvelistv5 – Published: 2026-07-10 19:35 – Updated: 2026-07-10 19:35
    VLAI
    Title
    Snipe-IT: Authorization bypass on print inventory page
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and cost/order metadata from modules that direct permissions would otherwise deny. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and cost/order metadata from modules that direct permissions would otherwise deny. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T19:35:05.107Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-fc33-6w3q-538h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-fc33-6w3q-538h"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-fc33-6w3q-538h",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Authorization bypass on print inventory page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55462",
        "datePublished": "2026-07-10T19:35:05.107Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T19:35:05.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55464 (GCVE-0-2026-55464)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:40 – Updated: 2026-07-10 18:40
    VLAI
    Title
    Snipe-IT: Stored XSS via Markdown custom field
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:40:42.050Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-r52f-r9v5-66xr"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/006981cccffce1739e24d3b680b676f772f40e2d"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-r52f-r9v5-66xr",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Stored XSS via Markdown custom field"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55464",
        "datePublished": "2026-07-10T18:40:42.050Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T18:40:42.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55460 (GCVE-0-2026-55460)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:39 – Updated: 2026-07-10 18:39
    VLAI
    Title
    Snipe-IT: Authorization bypass on bulk editing users
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete_user=1 because BulkUsersController::destroy() authorizes only update, allowing the user to soft-delete another non-admin user. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:39:22.370Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-vgx7-c78r-69w9"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/374f426f0c6bb7a4f129f7b85051cc1da753a0f5"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-vgx7-c78r-69w9",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: Authorization bypass on bulk editing users"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55460",
        "datePublished": "2026-07-10T18:39:22.370Z",
        "dateReserved": "2026-06-16T22:10:37.608Z",
        "dateUpdated": "2026-07-10T18:39:22.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55472 (GCVE-0-2026-55472)

    Vulnerability from cvelistv5 – Published: 2026-07-10 18:36 – Updated: 2026-07-10 18:36
    VLAI
    Title
    Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
    Summary
    Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    grokability snipe-it Affected: < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "grokability",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T18:36:58.923Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-8w8c-8mx9-52cw"
            },
            {
              "name": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/commit/9a8cbd6e00613a726b639a97a1da71b3c54f9489"
            },
            {
              "name": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/grokability/snipe-it/releases/tag/v8.6.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8w8c-8mx9-52cw",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55472",
        "datePublished": "2026-07-10T18:36:58.923Z",
        "dateReserved": "2026-06-16T22:10:37.609Z",
        "dateUpdated": "2026-07-10T18:36:58.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }