Skip to main content

Snipe-IT CVE-2026-50550

MEDIUM
Missing Authorization (CWE-862)
2026-06-23 https://github.com/grokability/snipe-it GHSA-6x4j-8954-5hxm
5.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.8 MEDIUM
AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
vuln.today AI
6.5 MEDIUM

Web application reachable over network (AV:N); low privileges reflect required edit-user role (PR:L); no victim interaction needed to reset 2FA (UI:N); impact is purely integrity - disabling MFA - with no confidentiality or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 23, 2026 - 23:51 vuln.today
Analysis Generated
Jun 23, 2026 - 23:51 vuln.today

DescriptionGitHub Advisory

Impact

A user who can edit other users could reset a superadmin's 2FA.

Patches

Patched in 8.5.0

AnalysisAI

Privilege escalation in Snipe-IT allows a low-privileged authenticated user with 'edit users' permission to reset a superadmin's two-factor authentication (2FA), stripping the highest-privilege account of its MFA protection. This CWE-862 (Missing Authorization) flaw affects all Snipe-IT composer releases prior to 8.5.0. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged user with edit-users role
Delivery
Navigate to superadmin user profile in user management
Exploit
Submit 2FA reset request, bypassing authorization check
Execution
Superadmin 2FA disabled without their knowledge
Persist
Acquire superadmin password via separate means
Impact
Authenticate as superadmin with single factor only

Vulnerability AssessmentAI

Exploitation The attacker must hold an authenticated Snipe-IT session with a role that grants permission to edit other users - this is not the default for standard user accounts and requires deliberate assignment by an administrator. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 5.8 Medium score (AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N) reflects several limiting factors: adjacent-network attack vector (implying an internal deployment context), low but real privilege requirement (an existing account with edit-user rights), and required user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Snipe-IT user - for example, an IT helpdesk operator granted permission to manage user accounts - navigates to the superadmin's profile in the user management interface and triggers the 2FA reset function. Because the application does not enforce a privilege boundary check, the operation succeeds, leaving the superadmin account without an active second factor. …
Remediation Upgrade Snipe-IT to version 8.5.0 or later; this is the vendor-released patch that resolves the missing authorization check (vendor advisory: https://github.com/grokability/snipe-it/security/advisories/GHSA-6x4j-8954-5hxm). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-50550 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy