GHSA-6x4j-8954-5hxmMediumCVSS 5.8

Snipe-IT has a 2FA reset privilege bypass

Published
June 23, 2026
Last Modified
June 23, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

A user who can edit other users could reset a superadmin's 2FA.

Patches

Patched in 8.5.0

🎯 Affected products1

  • composer/snipe/snipe-it:< 8.5.0

🔗 References (2)