{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/workspace-bypass/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI Platform"],"_cs_severities":["critical"],"_cs_tags":["authorization","privilege-escalation","workspace-bypass"],"_cs_type":"threat","_cs_vendors":["PraisonAI"],"content_html":"\u003cp\u003ePraisonAI Platform is vulnerable to an object-level authorization flaw in its workspace-scoped REST routes. This vulnerability, disclosed on May 29, 2026, allows an authenticated user belonging to one workspace (e.g., \u003ccode\u003eworkspace_attacker\u003c/code\u003e) to bypass intended access controls and interact with objects (agents, projects, issues, comments) belonging to another workspace (e.g., \u003ccode\u003eworkspace_victim\u003c/code\u003e). The vulnerability stems from the service layer resolving target objects by global UUID without validating workspace membership after initial authorization, leading to a breach of workspace isolation. Successful exploitation enables unauthorized data access, modification, and deletion, impacting data confidentiality, integrity, and availability across different workspaces in the PraisonAI Platform.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates an account on the PraisonAI Platform.\u003c/li\u003e\n\u003cli\u003eAttacker logs into the PraisonAI Platform and creates a workspace named \u003ccode\u003eworkspace_attacker\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eVictim creates an account on the PraisonAI Platform.\u003c/li\u003e\n\u003cli\u003eVictim logs into the PraisonAI Platform and creates a workspace named \u003ccode\u003eworkspace_victim\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eVictim creates an agent (or project, issue, or comment) within \u003ccode\u003eworkspace_victim\u003c/code\u003e, obtaining the global UUID of the object (\u003ccode\u003evictim_agent_id\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a request to a workspace-scoped route (e.g., \u003ccode\u003e/api/v1/workspaces/{workspace_attacker}/agents/{victim_agent_id}\u003c/code\u003e) supplying their workspace ID and the victim\u0026rsquo;s object UUID.\u003c/li\u003e\n\u003cli\u003eThe server authenticates the attacker based on their membership in \u003ccode\u003eworkspace_attacker\u003c/code\u003e, but retrieves the victim\u0026rsquo;s object from \u003ccode\u003eworkspace_victim\u003c/code\u003e using the provided UUID without validating its workspace association.\u003c/li\u003e\n\u003cli\u003eAttacker reads, modifies, or deletes the victim\u0026rsquo;s object, successfully breaching workspace isolation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker with access to any workspace to access, modify, and delete data belonging to other workspaces within the PraisonAI Platform. This could lead to unauthorized data breaches, data corruption, and denial of service for legitimate users. The number of affected users and organizations depends on the deployment size of the PraisonAI Platform.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PraisonAI Platform Cross-Workspace Agent Access\u003c/code\u003e to identify attempts to access agents in different workspaces based on workspace ID and agent ID.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PraisonAI Platform Cross-Workspace Project Access\u003c/code\u003e to identify attempts to access projects in different workspaces based on workspace ID and project ID.\u003c/li\u003e\n\u003cli\u003eExamine webserver logs for unusual patterns in requests to the agent, project, issue, and comment API routes to detect potential exploitation attempts (logsource: webserver).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:39:55Z","date_published":"2026-05-29T22:39:55Z","id":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-workspace-bypass/","summary":"PraisonAI Platform's workspace-scoped REST routes have an object-level authorization flaw allowing authenticated users from one workspace to access, modify, and delete objects in another workspace by providing the victim object's global UUID.","title":"PraisonAI Platform Workspace Cross-Access Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-workspace-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Workspace-Bypass","version":"https://jsonfeed.org/version/1.1"}