A vulnerability classified as problematic was found in grokability Snipe-IT up to 8.5.x. This affects the function UsersController::update of the component Permission Management. Such manipulation leads to improper authorization.

This vulnerability is traded as CVE-2026-55843. The attack may be launched remotely. There is no exploit available.