Post cover image

July 3, 2026

CVE-2026–48493: Privilege Escalation via Permission Bypass in Snipe-IT

CVE-2026–48493 affects Snipe-IT versions below 8.6.0. The user update API endpoint (PATCH /api/v1/users/{id}) does not sufficiently…

By Ali İltizar

3 min read