In-Depth Analysis of PraisonAI Platform Cross-Workspace IDOR and Member-Role Privilege Escalation Vulnerability
The PraisonAI Platform contains a critical vulnerability, tracked as CVE-2026-47407, that combines a cross-workspace IDOR (Insecure Direct Object Reference) with member-role privilege escalation. It allows any registered user to read, update, and delete resources across all workspaces, and to escalate their privileges to admin or owner, potentially leading to full control of the workspace.