A vulnerability described as critical has been identified in grokability Snipe-IT up to 8.6.1. The affected element is the function
bind of the file api/v1/kits of the component License Binding. The manipulation of the argument License results in improper authorization.
This vulnerability is reported as CVE-2026-55478. The attack can be launched remotely. No exploit exists.