CVE-2026-48507: CWE-863: Incorrect Authorization in grokability snipe-it
Snipe-IT versions prior to 8.6.0 contain an authorization vulnerability where a non-admin user with the 'users.edit' permission can modify critical user flags. This allows such a user to disable admin accounts by changing the 'activated' flag, preventing admin logins, and the 'ldap_import' flag, blocking password reset requests. The issue is fixed in version 8.6.0. The vulnerability has a high severity with a CVSS score of 7.1.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-48507 is an incorrect authorization vulnerability (CWE-863) in Snipe-IT, an IT asset/license management system by grokability. In versions before 8.6.0, a non-admin user granted only the granular 'users.edit' permission can edit the 'activated' and 'ldap_import' flags of other users, including admins. This enables the attacker to lock out all admin users by deactivating their accounts and preventing password resets. The vulnerability is addressed by a patch included in Snipe-IT version 8.6.0.
Potential Impact
The vulnerability allows a non-admin user with limited permissions to effectively lock out all admin users from the Snipe-IT instance by disabling their ability to log in and reset passwords. This results in a denial of service for administrative functions, potentially disrupting IT asset and license management operations. There is no direct confidentiality impact reported.
Mitigation Recommendations
Upgrade Snipe-IT to version 8.6.0 or later, which contains the official patch for this vulnerability. Until the upgrade is applied, review which accounts currently hold the 'users.edit' permission and restrict it to trusted users only to minimize risk. Patch status is confirmed by the vendor's versioning information, which indicates the fix is included in 8.6.0.
CVSS v3.1 Score: 7.1 (High)
Weaknesses: CWE-863 (Incorrect Authorization)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-21T16:18:10.618Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a26f68ee29bf47b50440d62
Added to database: 6/8/2026, 5:06:22 PM
Last enriched: 6/8/2026, 5:18:25 PM
Last updated: 6/8/2026, 6:55:24 PM