CVE-2026-54329
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
10/07/2026
Última modificación:
10/07/2026
Descripción
*** Pendiente de traducción *** Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.
Impacto
Puntuación base 3.x
8.50
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:* | 8.6.2 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://github.com/grokability/snipe-it/commit/6a0ec6945126a79fc25c0990c99abe632db370c3
- https://github.com/grokability/snipe-it/commit/dc8cbf4786bb38b260b4ae1723ec9e7f81d82fe5
- https://github.com/grokability/snipe-it/commit/e2bea57146eb3a3781b5eb21b69d7e04cc87c268
- https://github.com/grokability/snipe-it/releases/tag/v8.6.2
- https://github.com/grokability/snipe-it/security/advisories/GHSA-pwpj-p52h-q484



