Vulnerability Details CVE-2026-55475
Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created_by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in version 8.6.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 9.4%
CVSS Severity
CVSS v3 Score 5.7