[subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
Multiple severe security vulnerabilities have been identified within the platform application, spanning broken access control, insecure default cryptographic keys, and widespread insecure direct object references (IDOR). These flaws combine to permit complete compromise of deployment infrastructure, unauthorized data exposure, and workspace isolation bypasses. An attacker leveraging these vulnerabilities can forge administrative authentication tokens, self-promote to workspace owners, and view, modify, or delete entities across independent customer segments without proper authorization. Immediate upgrades and configuration rectifications are necessary to avoid severe data loss and structural compromise.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
Multiple severe security vulnerabilities have been identified within the platform application, spanning broken access control, insecure default cryptographic keys, and widespread insecure direct object references (IDOR). These flaws combine to permit complete compromise of deployment infrastructure, unauthorized data exposure, and workspace isolation bypasses. An attacker leveraging these vulnerabilities can forge administrative authentication tokens, self-promote to workspace owners, and view, modify, or delete entities across independent customer segments without proper authorization. Immediate upgrades and configuration rectifications are necessary to avoid severe data loss and structural compromise.[emaillocker id="1283"]
- CVE-2026-47410 (CVSS Score: 9.8 - Critical): This score reflects maximum severity due to a combination of trivial exploitability and total impact. Because the JWT signing key falls back to a publicly known, hardcoded string, a remote attacker requires no special privileges or user interaction to exploit it. Successful exploitation grants complete confidentiality, integrity, and availability compromise by allowing the attacker to forge administrative tokens for any account.
- CVE-2026-47416 (CVSS Score: 9.6 - Critical): This high score is driven by the vertical privilege escalation vector. While it requires low administrative privileges to execute (the attacker must first be a basic workspace member), it demands zero user interaction and can be completely automated. The impact is critical because a standard member gains full owner permissions over the workspace in a single request.
- CVE-2026-47405 (CVSS Score: 8.8 - High): This vulnerability carries a high severity score because it allows low-privilege workspace members to execute sensitive administrative actions (such as deleting workspaces or changing membership settings). The exploitability is high for authenticated insiders, resulting in significant integrity and availability damage to the targeted workspace environment.
- CVE-2026-47399 (CVSS Score: 8.8 - High): The score is elevated here due to the breakdown of tenant isolation boundaries. An authenticated attacker from an entirely separate workspace can view, modify, or delete core assets (agents, projects, and comments) belonging to other tenants. This results in broad confidentiality and integrity impacts across the deployment.
- CVE-2026-47409 (CVSS Score: 8.1 - High): This score reflects a severe risk to system availability and integrity. Because any basic member can delete any other member without restriction, an attacker can completely remove the legitimate owner. This creates a permanent denial-of-service condition for the owner and results in full workspace takeover.
- CVE-2026-47406 (CVSS Score: 8.1 - High): This score is assigned because the insecure direct object reference allows cross-workspace manipulation. Attackers can read internal task dependencies or create unauthorized links between completely unrelated issues, resulting in high integrity degradation and data exposure across distinct workspace silos.
- CVE-2026-47414 (CVSS Score: 7.6 - High): While still ranked as a high-severity flaw, this score is slightly lower than the structural object bypasses because the scope of control is limited to classification metadata (labels). However, it represents a substantial integrity risk, as unauthorized cross-workspace label modification can disrupt automated workflows and data organization.
Organizations must swiftly transition to corrected software versions and audit existing configurations to enforce appropriate tenant containment. Implementing stricter verification mechanisms at the datastore level will mitigate the systemic authentication and authorization shortfalls identified across these components.
RECOMMENDATION:
- We recommend you to update praisonai-platform to version 0.1.4. We recommend you to update PraisonAI to version 4.6.40.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-c2m8-4gcg-v22g
https://github.com/advisories/GHSA-w388-2392-px73
https://github.com/advisories/GHSA-5jx9-w35f-vp65
https://github.com/advisories/GHSA-4x6r-9v57-3gqw
https://github.com/advisories/GHSA-3qg8-5g3r-79v5
https://github.com/advisories/GHSA-h37g-4h4p-9x97
https://github.com/advisories/GHSA-6h6v-6m7w-7vxx
https://github.com/advisories/GHSA-h8q5-cp56-rr65
https://github.com/advisories/GHSA-gv23-xrm3-8c62
https://github.com/advisories/GHSA-hvhp-v2gc-268q
https://github.com/advisories/GHSA-vg22-4gmj-prxw
https://github.com/advisories/GHSA-9cr9-25q5-8prj
https://github.com/advisories/GHSA-4mr5-g6f9-cfrh
https://github.com/advisories/GHSA-8444-4fhq-fxpq
https://github.com/advisories/GHSA-86qc-r5v2-v6x6
https://github.com/advisories/GHSA-78r8-wwqv-r299
[/emaillocker]