Back to CVE List

CVE-2026-49870

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.9 / 10

Vulnerability Description

Snipe-IT's TOTP is Brute-Forceable Due to Missing Rate Limiting on `POST /two-factor`

Vulnerability Details

Published Date

June 23, 2026

Last Modified

June 23, 2026

Source

GitHub

Vendor

composer

Product

snipe/snipe-it

External References

Discussion (0)

Add Comment

No comments yet. Be the first!