CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

CVE-2026-11322

Hermes WebUI (before v0.51.221) contains a path traversal vulnerability that lets an attacker escape the workspace boundary by supplying symlinks that resolve outside the workspace. The workspace file and listing APIs resolve symlink targets without enforcing that the final path remains within th...

PT-2026-46394

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.221 Description A path traversal issue allows attackers to escape the workspace boundary by providing symlinks that resolve to files or directories outside the designated workspace root. By exploiting the...

CVE-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-10277

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

EUVD-2026-33721

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

CVE-2026-10277 j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

CVE-2026-10277

CVE-2026-10277 affects the MCP Gmail Tool in j3k0/mcp-google-workspace (up to commit 831790e7d5c2663325733d9f5579cc339a267c4c). The vulnerability resides in the saveToDisk function of src/tools/gmail.ts and leads to improper access controls when a manipulation is performed, with remote initiation...

GHSA-G8RR-7RJ2-F627 praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/issues/issueid gate access on requireworkspacememberworkspaceid only, then resolve issueid through IssueService.getissueid which is a primary-key lookup with no workspace...

GHSA-XWQ8-FRCG-77Q8 praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/issues/issueid gate access on requireworkspacememberworkspaceid only, then resolve issueid through IssueService.getissueid which is a primary-key lookup with no workspace...

GHSA-8G2P-PQM3-FCFH praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. The...

GHSA-RCMC-Q9RJ-4WMQ praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. The...

praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspaceid/issues/issueid/comments and GET .../comments gate access on requireworkspacememberworkspaceid only, then call CommentService.createissueid=issueid, ... and CommentService.listforissueissueid without...

GHSA-CP4F-5M9R-5JC2 praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspaceid/issues/issueid/comments and GET .../comments gate access on requireworkspacememberworkspaceid only, then call CommentService.createissueid=issueid, ... and CommentService.listforissueissueid without...

GHSA-943M-6WX2-RC2J praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...