CVE-2026-55516
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...