Snipe-IT: Privilege Escalation via API Permissions Assignment_CVE-2026-44832

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.

Basic Information

ID CVE-2026-44832

Source GitHub_M

Published May 26, 2026 at 19:29

Affected Product

Vendor grokability

Product snipe-it

Version < 8.4.1

Affected Versions grokability snipe-it < 8.4.1

CWE Classification

CWE-281 CWE-863

References

{
    "lastseen": "",
    "description": "Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.",
    "published": "2026-05-26T19:29:31.026Z",
    "modified": "2026-05-26T19:29:31.026Z",
    "type": "cve",
    "title": "Snipe-IT: Privilege Escalation via API Permissions Assignment",
    "source": "GitHub_M",
    "references": "https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr\nhttps://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569",
    "id": "CVE-2026-44832",
    "bulletinFamily": "",
    "cwe": [
        "CWE-281",
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "grokability snipe-it < 8.4.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "snipe-it",
    "version": "< 8.4.1",
    "vendor": "grokability",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}