Auth bypass in Grokability Snipe-it

CVE-2026-48492

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References