2 matches found
CVE-2026-61441
PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...
CVE-2026-61441
PraisonAI Platform before version 0.1.9 suffers an authorization bypass in the DELETE dependency endpoint: the route validates permissions against the caller-selected URL issue but allows deletion via a member-owned issue endpoint if the dependency edge is related to a member, bypassing owner/adm...