2 matches found
PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...
PT-2026-45066
Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description A vertical privilege escalation exists where a user with the lowest privilege level can promote themselves to a workspace owner. The issue occurs because the PATCH...