ILTOSEC

security research

iltosec

writeups & research

Blog

2 posts

categories

all Rce Xss CVE Ransomware File Upload Bypass Host Header Injection Authentication Bypass SSTI Command Injection Vulnerability Research Cloud AWS Injection

tags

Rce CMS CVE Ransomware File Upload Bypass snipe-it idor authorization-bypass privilege-escalation information-disclosure enumeration misconfiguration aws-s3 SQLI

CVE·Vulnerability Research

CVE-2026-48493: Privilege Escalation via Permission Bypass in Snipe-IT

Technical breakdown of CVE-2026-48493: Users with users.edit permission escalate to near-full system access via PreserveUnauthorizedPrivilegedPermissionsAction bypass. Detailed PoC and impact analysis.

53 2 3 min read

CVE·Vulnerability Research · CVE

CVE-2026-48492: User Account Enumeration via Missing Authorization in Snipe-IT

Technical breakdown of CVE-2026-48492: A missing authorization flaw in Snipe-IT allowing authenticated users to enumerate accounts via the API.

61 4 3 min read