| CVE-2026-47416 |
unknown |
— |
— |
|
|
|
13h ago |
praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} |
| CVE-2026-47409 |
unknown |
— |
— |
|
|
|
13h ago |
praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role |
| CVE-2026-47414 |
unknown |
— |
— |
|
|
|
13h ago |
praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link) |
| CVE-2026-47406 |
unknown |
— |
— |
|
|
|
13h ago |
praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks |
| CVE-2026-47410 |
unknown |
— |
— |
|
|
|
13h ago |
praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset |
| CVE-2026-47405 |
unknown |
— |
— |
|
|
|
13h ago |
PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership |
| CVE-2026-47399 |
unknown |
— |
— |
|
|
|
13h ago |
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID |
| CVE-2026-47407 |
unknown |
— |
— |
|
|
|
13h ago |
PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation |
| CVE-2026-47408 |
unknown |
— |
— |
|
|
|
13h ago |
praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership |
| CVE-2026-48169 |
unknown |
— |
— |
|
|
|
13h ago |
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API |