Mass Assignment Vulnerability in Snipe-IT Accessory API for IT Asset Management
CVE-2026-54329

8.5HIGH

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-54329?

A mass assignment vulnerability exists in Snipe-IT that impacts the Accessories API before version 8.6.2. This flaw allows a low-privileged authenticated user from one company to manipulate request parameters and create accessory records for another company when Full Multiple Companies Support is enabled. This security loophole compromises data separation and integrity among companies utilizing the application.

Affected Version(s)

snipe-it < 8.6.2

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.