License Reclaim Vulnerability in Snipe-IT IT Asset Management System
CVE-2026-55479

5.3MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55479?

In Snipe-IT, an IT asset and license management system, versions prior to 8.6.2 contain a significant vulnerability in the legacy single-seat license check-in flow. This design flaw allows users with permission to assign licenses to illicitly access the check-in endpoint and reclaim licenses assigned to other users or assets. This issue arose because the action is authorized based on checkout permissions rather than the intended check-in permissions. The vulnerability was addressed in version 8.6.2, where proper authorization checks were implemented to prevent unauthorized license reclaiming.

Affected Version(s)

snipe-it < 8.6.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.