Auth bypass in Grokability Snipe-it

CVE-2026-55542

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obta…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References