PT-2026-57288 · Grokability · Snipe-It

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-55475

CVSS v3.1

5.7

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55475

Affected Products

Snipe-It