Tag
PraisonAI Platform's workspace-scoped REST routes have an object-level authorization flaw allowing authenticated users from one workspace to access, modify, and delete objects in another workspace by providing the victim object's global UUID.