License Reclaim Vulnerability in Snipe-IT IT Asset Management System
CVE-2026-55479
5.3MEDIUM
What is CVE-2026-55479?
In Snipe-IT, an IT asset and license management system, versions prior to 8.6.2 contain a significant vulnerability in the legacy single-seat license check-in flow. This design flaw allows users with permission to assign licenses to illicitly access the check-in endpoint and reclaim licenses assigned to other users or assets. This issue arose because the action is authorized based on checkout permissions rather than the intended check-in permissions. The vulnerability was addressed in version 8.6.2, where proper authorization checks were implemented to prevent unauthorized license reclaiming.
Affected Version(s)
snipe-it < 8.6.2
