A vulnerability marked as problematic has been reported in grokability Snipe-IT up to 8.5.x. Impacted is an unknown function of the file /account/request of the component Account Request Handler. The manipulation of the argument cancel_by_admin leads to improper authorization.

This vulnerability is documented as CVE-2026-55476. The attack can be initiated remotely. There is not any exploit available.