Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-55462

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and printInventory() authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and cost/order metadata from modules that direct permissions would otherwise deny. This issue is fixed in version 8.6.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 16.5%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-55462


Contact Us

Shodan ® - All rights reserved