Product
critical
advisory
Snipe-IT File Upload Vulnerability Leads to Remote Code Execution (CVE-2026-37709)
2 rules, 1 TTP, 1 CVE
Snipe-IT versions prior to 8.4.1 are vulnerable to remote code execution due to insecure permissions on file uploads, where an attacker can upload arbitrary files and execute code on the server.
snipe-it
remote code execution
file upload
insecure permissions
asset management
CVE-2026-37709
high
advisory
Snipe-IT Privilege Escalation via API Permissions Assignment (CVE-2026-44832)
2 rules, 1 TTP
An authenticated user with limited 'users.edit' permissions can escalate their privileges to 'admin' in Snipe-IT versions before 8.4.1 by manipulating the permissions array in a PATCH request to the API, as tracked by CVE-2026-44832.
Snipe-IT
privilege-escalation
web-application
api