Authorization Flaw in Snipe-IT IT Asset Management by Grokability
CVE-2026-55462

4.3MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55462?

Snipe-IT, an IT asset and license management system developed by Grokability, has an authorization flaw in its UsersController::show() and printInventory() functions. Before version 8.6.2, these functions improperly authorized user access, allowing authenticated users with limited permissions to view sensitive inventory costs and order metadata. This could lead to unauthorized disclosure of information that should be restricted based on user roles. The issue has been addressed and fixed in version 8.6.2, enhancing the security of user data and ensuring proper access controls.

Affected Version(s)

snipe-it < 8.6.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.