Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-54329

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while company_id is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another company when Full Multiple Companies Support is enabled. This issue is fixed in version 8.6.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 31.0%
CVSS Severity
CVSS v3 Score 8.5
Products affected by CVE-2026-54329


Contact Us

Shodan ® - All rights reserved