[CYBERDIGEST]

Tag

#PraisonAI Platform

blog | CRITICAL 9.0

Understanding and Preventing Cross-Workspace Object Access in PraisonAI Platform

The PraisonAI Platform has a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace. This is due to workspace-scoped REST routes not properly verifying object ownership.

Jun 2, 2026 | 1 source

article | CRITICAL 9.4

In-Depth Analysis of PraisonAI Platform Cross-Workspace IDOR and Member-Role Privilege Escalation Vulnerability

The PraisonAI Platform is vulnerable to a critical cross-workspace IDOR (Insecure Direct Object Reference) and member-role privilege escalation attack. This vulnerability, tracked as CVE-2026-47407, allows any registered user to read, update, and delete resources across all workspaces, as well as escalate their privileges to admin or owner, potentially leading to full control of the workspace.

Jun 1, 2026 | 1 source