[HIGH] Snipe-IT API Vulnerable to Cross-Tenant Accessory Injection

PKSA-2tsw-c1yg-xhyc CVE-2026-54329 GHSA-pwpj-p52h-q484

Affected package: snipe/snipe-it

Affected version: <=8.6.1

Reported by:
GitHub