CVE-2026-48507
7.1 HIGHSnipe-IT is an IT asset/license management system
Published: 2026-06-08 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
- CWE
- CWE-863
Affected products
| Vendor | Product |
|---|---|
| snipeitapp | snipe-it |
Description
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-44833 — Snipe-IT is an IT asset/license management system (5.9 MEDIUM)
- CVE-2026-44832 — Snipe-IT is an IT asset/license management system (8.8 HIGH)
- CVE-2026-44831 — Snipe-IT is an IT asset/license management system (4.8 MEDIUM)
Same CWE
- CVE-2026-24724 — An incorrect authorization vulnerability has been reported to affect File Station 6
- CVE-2026-48303 — Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could re... (10.0 CRITICAL)
- CVE-2026-47929 — ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary c... (8.4 HIGH)
- CVE-2026-47910 — Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file ... (6.3 MEDIUM)
- CVE-2026-41852 — A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within r... (3.7 LOW)