CVE-2026-55479
Snipe-IT before 8.6.2 contains a logic flaw in the legacy single-seat license checkin flow: the action is authorized with checkout permission instead of checkin permission, allowing a user who can assign licenses (but not unassign them) to access the old checkin endpoint and reclaim a license sea...