Product
high
advisory
PraisonAI Platform Missing Authorization Leads to Workspace Takeover
2 rules, 2 TTPs
An authorization bypass vulnerability exists in praisonai-platform: any member can remove any other member, including the workspace owner, because role checks and owner protection logic are missing. An attacker can lock the legitimate owner out of their own workspace, leading to a permanent denial-of-service and potential workspace takeover (CVE-2026-47409).
praisonai-platform
authorization
privilege-escalation
denial-of-service
critical
threat
PraisonAI Platform Cross-Workspace IDOR and Privilege Escalation
3 rules, 5 TTPs
PraisonAI Platform is vulnerable to cross-workspace IDOR and member-role privilege escalation. Because of insufficient access controls and role enforcement, unauthorized users can read, update, or delete resources across workspaces, escalate privileges, and potentially take over accounts and workspaces.
praisonai-platform
idor
privilege-escalation
cross-tenant-access
fastapi