CVE-2026-54329 in snipe-itinfo

Zusammenfassung

von MITRE • 10.07.2026

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

GitHub M

Reservieren

12.06.2026

Veröffentlichung

10.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377587

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!