CVE-2026-55542
Received Received - Intake

S3 Signature Image Retrieval Authorization Bypass in Snipe-IT

Vulnerability report for CVE-2026-55542, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the `authorize()` call used by the local-file branch. Version 8.6.1 contains a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
snipe-it snipe-it to 8.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Snipe-IT, an IT asset/license management system, in versions prior to 8.6.1. Specifically, the issue lies in the S3 signature image retrieval process where authorization is not properly enforced before generating a temporary URL. In S3-backed deployments, authenticated users who know the filename of a signature image can obtain a 5-minute signed S3 URL without proper authorization because the S3 branch returns the URL before the authorization check is performed, which is only done in the local-file branch.

This means that users with limited privileges might access signature images they should not be authorized to view.

Impact Analysis

The vulnerability allows authenticated users to access temporary signed URLs for signature images without proper authorization. This could lead to unauthorized access to sensitive signature images stored in S3 for a short period (5 minutes).

While the CVSS score is low (1.3), indicating limited impact, unauthorized access to signature images could potentially expose sensitive information or be used in social engineering or identity spoofing attacks.

Mitigation Strategies

To mitigate this vulnerability, upgrade Snipe-IT to version 8.6.1 or later, which contains a patch addressing the authorization bypass in S3 signature image retrieval.

Compliance Impact

The vulnerability allows authenticated users to obtain a temporary signed S3 URL for signature images without proper authorization, potentially exposing sensitive asset/license management data.

This unauthorized access could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive information.

However, the CVE description and available information do not explicitly mention the impact on compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55542. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart