CVE-2026-48507

Summary

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag (which determines whether or not a user can login) and the ldap_import flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch.

Affected Software

VendorProductVersion RangeStatus
grokabilitysnipe-it< 8.6.0affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References