A vulnerability classified as critical has been found in grokability Snipe-IT up to 8.6.1. The impacted element is the function
updateMaintenanceRecord of the file /api/v1/maintenances of the component Maintenance Record Handler. This manipulation of the argument asset_id causes improper authorization.
This vulnerability appears as CVE-2026-55516. The attack may be initiated remotely. There is no available exploit.