Post cover image

July 2, 2026

CVE-2026–55476: Snipe-IT Unauthorized Asset Request Cancellation via cancel_by_admin IDOR

CVE-2026–55476 affects Snipe-IT v8.5.0 and earlier. The route POST /account/request/{itemType}/{itemId}/{cancel_by_admin}/{requestingUser}…

By Ali İltizar

3 min read