PT-2026-57266 · Snipe-It · Snipe-It
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-55472
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Snipe-IT versions prior to 8.6.2
Description
When Full Multiple Companies Support and
scope locations fmcs are enabled, the API location creation endpoint fails to terminate the process after detecting an invalid parent-child company mismatch. This allows the creation of a child location under a parent location belonging to a different company.Recommendations
Update to version 8.6.2.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snipe-It