Mass Assignment Vulnerability in Snipe-IT Accessory API for IT Asset Management
CVE-2026-54329
8.5HIGH
What is CVE-2026-54329?
A mass assignment vulnerability exists in Snipe-IT that impacts the Accessories API before version 8.6.2. This flaw allows a low-privileged authenticated user from one company to manipulate request parameters and create accessory records for another company when Full Multiple Companies Support is enabled. This security loophole compromises data separation and integrity among companies utilizing the application.
Affected Version(s)
snipe-it < 8.6.2
