PT-2026-57288 · Grokability · Snipe-It
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-55475
CVSS v3.1
5.7
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snipe-It