CVE-2026-55519

LOWPre-NVD 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: CVSS: Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Snipe-IT has Improper Authorization in File Deletion (IDOR)

Impact

A vulnerability was identified in Snipe-IT v8.4.0 (build 21280-g91a95dbc6) that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or company assignment. This constitutes an Insecure Direct Object Reference (IDOR) vulnerability caused by a class-level authorization check in the file deletion endpoint, where an instance-level check is required.

The vulnerability exists in both the web and API controllers, affecting all Snipe-IT installations running version 8.4.0 and potentially earlier versions.

Patches

Patched in https://github.com/grokability/snipe-it/commit/8bc7d50e35d93eee5a0d48b4923e497937cf93fd

CVSS v3
EG Score
0.0(none)
EPSS
KEV
Not listed

Published

June 23, 2026

Last Modified

June 23, 2026

Vendor Advisories for CVE-2026-55519(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 0× in last 7d / 1× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-06-23 23:31 UTCEG score recompute

Frequently asked(3)

What is CVE-2026-55519?
CVE-2026-55519 is a low vulnerability published on June 23, 2026. Snipe-IT has Improper Authorization in File Deletion (IDOR) Impact A vulnerability was identified in Snipe-IT v8.4.0 (build 21280-g91a95dbc6) that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or…
When was CVE-2026-55519 disclosed?
CVE-2026-55519 was first published in the National Vulnerability Database on June 23, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
How do I remediate CVE-2026-55519?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-55519, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-55519

Explore →

Is Your Infrastructure Affected by CVE-2026-55519?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.