NVD HIGH: CVE-2026-44832 — Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authentic...
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update
CVE-2026-44832
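
The filtering flaw described above, modelled next to one stricter policy, as an added example that is not Snipe-IT source code and not the 8.4.1 fix. The function names, the policy in filter_by_actor and the sample key assets.delete are assumptions made for illustration.

```python
# Added illustration: a model of the described logic, not Snipe-IT code.
# Function names and the sample key "assets.delete" are hypothetical.

PRIVILEGED = {"superuser", "admin"}


def filter_denylist(requested):
    """Flawed pattern from the advisory: only 'superuser' is stripped."""
    return {k: v for k, v in requested.items() if k != "superuser"}


def filter_by_actor(requested, actor_perms):
    """Assumed stricter policy: an actor may only set keys they already
    hold, and privileged keys only when the actor is a superuser."""
    actor_held = {k for k, v in actor_perms.items() if v == 1}
    is_super = "superuser" in actor_held
    allowed, rejected = {}, []
    for key, value in requested.items():
        if key in PRIVILEGED and not is_super:
            rejected.append(key)      # never self-grant admin/superuser
        elif key not in actor_held and not is_super:
            rejected.append(key)      # cannot hand out what you lack
        else:
            allowed[key] = value
    return allowed, sorted(rejected)


def apply_update(current, requested, actor_perms, hardened):
    """Merge a permissions update into a user's stored permissions."""
    if hardened:
        accepted, rejected = filter_by_actor(requested, actor_perms)
    else:
        accepted, rejected = filter_denylist(requested), []
    return {**current, **accepted}, rejected


# Constructed sample: a user holding only users.edit updates their own record.
ACTOR = {"users.edit": 1}
REQUEST = {"superuser": 1, "admin": 1, "assets.delete": 1, "users.edit": 1}

if __name__ == "__main__":
    for mode in (False, True):
        perms, rejected = apply_update(ACTOR, REQUEST, ACTOR, hardened=mode)
        print("hardened" if mode else "denylist", perms, "rejected:", rejected)
```

The rejected list from the stricter filter is also a useful audit signal: a non-empty list on a self-update means an account asked for permissions it does not hold.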