{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/fastapi/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["praisonai-platform (\u003c= 0.1.2)"],"_cs_severities":["critical"],"_cs_tags":["idor","privilege-escalation","cross-tenant-access","fastapi"],"_cs_type":"threat","_cs_vendors":["PraisonAI"],"content_html":"\u003cp\u003ePraisonAI Platform is susceptible to critical vulnerabilities stemming from insufficient access controls and role enforcement. The platform exposes resources under \u003ccode\u003e/api/v1/workspaces/{workspace_id}/...\u003c/code\u003e, intending to protect them with a \u003ccode\u003erequire_workspace_member(workspace_id)\u003c/code\u003e FastAPI dependency. However, this dependency only validates the \u003ccode\u003eworkspace_id\u003c/code\u003e in the URL prefix, neglecting to verify the resource\u0026rsquo;s own \u003ccode\u003eworkspace_id\u003c/code\u003e. This oversight enables a malicious actor to manipulate the URL, accessing resources across different workspaces. Furthermore, member-management routes lack proper role enforcement, allowing basic members to elevate their privileges to admin or owner. Open registration without email verification at \u003ccode\u003e/api/v1/auth/register\u003c/code\u003e and a default server bind to \u003ccode\u003e0.0.0.0:8000\u003c/code\u003e further exacerbate the risk. Successful exploitation allows attackers to read, update, or delete resources across workspaces, escalate privileges, and potentially take over accounts and workspaces. 
The vulnerability affects praisonai-platform versions 0.1.2 and earlier.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker registers an account via the open \u003ccode\u003e/api/v1/auth/register\u003c/code\u003e endpoint to obtain a valid bearer token.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a target workspace ID and a resource ID (agent, issue, project, etc.) within that workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request to \u003ccode\u003e/api/v1/workspaces/{attacker_workspace_id}/{resource_type}/{target_resource_id}\u003c/code\u003e, substituting \u003ccode\u003e{attacker_workspace_id}\u003c/code\u003e with their own workspace ID and \u003ccode\u003e{target_resource_id}\u003c/code\u003e with the target resource ID.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erequire_workspace_member\u003c/code\u003e dependency checks if the attacker is a member of the attacker\u0026rsquo;s workspace, which passes.\u003c/li\u003e\n\u003cli\u003eThe service layer retrieves the target resource based solely on the \u003ccode\u003etarget_resource_id\u003c/code\u003e, bypassing workspace context validation.\u003c/li\u003e\n\u003cli\u003eThe attacker reads, modifies, or deletes the cross-tenant resource. 
For example, \u003ccode\u003ePATCH /api/v1/workspaces/{attacker_workspace_id}/agents/{target_agent_id}\u003c/code\u003e modifies the target agent\u0026rsquo;s instructions.\u003c/li\u003e\n\u003cli\u003eA low-privileged member uses the \u003ccode\u003ePATCH /{workspace_id}/members/{user_id}\u003c/code\u003e route to promote themselves to \u003ccode\u003eadmin\u003c/code\u003e due to missing role checks.\u003c/li\u003e\n\u003cli\u003eThe attacker deletes the original owner and assumes full control of the workspace.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can have severe consequences. Any registered user can read every agent, issue, project, label, comment, and dependency across all workspaces. Sensitive information such as API keys and connection strings stored within \u003ccode\u003eagent.instructions\u003c/code\u003e and \u003ccode\u003eagent.runtime_config\u003c/code\u003e fields is exposed. Malicious actors can rewrite \u003ccode\u003eagent.instructions\u003c/code\u003e to exfiltrate conversations or manipulate behavior. Additionally, attackers can reassign issues, edit project metadata, and delete critical resources, leading to data loss and service disruption. Basic members can escalate their privileges to admin, evict the owner, and seize control of workspaces. 
The default deployment configuration exposes the platform to network-based attacks, amplifying the impact of the vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the suggested fix outlined in the advisory to re-scope every nested-resource lookup to the URL workspace to prevent cross-workspace IDOR vulnerabilities.\u003c/li\u003e\n\u003cli\u003eImplement explicit \u003ccode\u003emin_role\u003c/code\u003e arguments on member-management routes to enforce role-based access control and prevent unauthorized privilege escalation.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to \u003ccode\u003e/api/v1/workspaces/{workspace_id}/agents/{agent_id}\u003c/code\u003e and other nested-resource routes using the provided Sigma rules.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule detecting privilege escalation attempts via the \u003ccode\u003ePATCH /{workspace_id}/members/{user_id}\u003c/code\u003e route.\u003c/li\u003e\n\u003cli\u003eBlock registration from untrusted networks until email verification is implemented.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:35:47Z","date_published":"2026-05-29T22:35:47Z","id":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-idor-privesc/","summary":"PraisonAI Platform is vulnerable to cross-workspace IDOR and member-role privilege escalation, allowing unauthorized users to read, update, or delete resources across workspaces, escalate privileges, and potentially take over accounts and workspaces due to insufficient access controls and role enforcement.","title":"PraisonAI Platform Cross-Workspace IDOR and Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-idor-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Fastapi","version":"https://jsonfeed.org/version/1.1"}