Snipe-IT CVE-2026-50550
MEDIUMSeverity by source
AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Web application reachable over network (AV:N); low privileges reflect required edit-user role (PR:L); no victim interaction needed to reset 2FA (UI:N); impact is purely integrity - disabling MFA - with no confidentiality or availability effect.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Impact
A user who can edit other users could reset a superadmin's 2FA.
Patches
Patched in 8.5.0
AnalysisAI
Privilege escalation in Snipe-IT allows a low-privileged authenticated user with 'edit users' permission to reset a superadmin's two-factor authentication (2FA), stripping the highest-privilege account of its MFA protection. This CWE-862 (Missing Authorization) flaw affects all Snipe-IT composer releases prior to 8.5.0. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold an authenticated Snipe-IT session with a role that grants permission to edit other users - this is not the default for standard user accounts and requires deliberate assignment by an administrator. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-assigned CVSS 5.8 Medium score (AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N) reflects several limiting factors: adjacent-network attack vector (implying an internal deployment context), low but real privilege requirement (an existing account with edit-user rights), and required user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Snipe-IT user - for example, an IT helpdesk operator granted permission to manage user accounts - navigates to the superadmin's profile in the user management interface and triggers the 2FA reset function. Because the application does not enforce a privilege boundary check, the operation succeeds, leaving the superadmin account without an active second factor. … |
| Remediation | Upgrade Snipe-IT to version 8.5.0 or later; this is the vendor-released patch that resolves the missing authorization check (vendor advisory: https://github.com/grokability/snipe-it/security/advisories/GHSA-6x4j-8954-5hxm). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-6x4j-8954-5hxm