PatchSiren

Snipeitapp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Snipeitapp CVE published 2026-07-10

CVE-2026-55516

CVE-2026-55516 is a HIGH severity vulnerability in Snipe-IT, an IT asset/license management system. Prior to version 8.6.2, an authorized user can manipulate a maintenance record to reference an asset outside their company scope. The vulnerability exists because the PATCH or PUT /api/v1/maintenances/{maintenance_id} endpoint checks access to the current maintenance record and asset but then fills attacker [truncated]

MEDIUM Snipeitapp CVE published 2026-07-10

CVE-2026-55472

CVE-2026-55472 is a MEDIUM severity vulnerability in Snipe-IT, an IT asset/license management system. When Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in ver [truncated]