No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 02 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace constraints. | |
| Title | PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update | |
| First Time appeared |
Praison
Praison praisonai |
|
| Weaknesses | CWE-639 | |
| CPEs | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Praison
Praison praisonai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-02T13:15:55.445Z
Reserved: 2026-07-01T21:54:37.945Z
Link: CVE-2026-58653
Updated: 2026-07-02T13:15:52.415Z
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-639
Authorization Bypass Through User-Controlled Key