CVE-2026-48507

{"id": "CVE-2026-48507", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2026-06-08T17:16:52.390", "references": [{"url": "https://github.com/grokability/snipe-it/commit/403f9c848b05274642f64450696bdcdc242a352a", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/grokability/snipe-it/security/advisories/GHSA-6f75-x745-xcpr", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch."}], "lastModified": "2026-06-09T16:41:26.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "698F7E88-EE9A-464A-AB75-BFD87E4AF0D2", "versionEndExcluding": "8.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}