Auth bypass in Grokability Snipe-it

CVE-2026-55479

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses bu…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References