Auth bypass in Grokability Snipe-it
CVE-2026-48492
Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a…
Vulnerability class: Broken Access Control
Affected products
- Grokability Snipe-it — versions < 8.5.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)