praisonai-platform

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-47413	Praison praisonai-platform	cri	0.52	—	—		Jun 1, 2026	## Summary Type: Privilege escalation / cross-tenant member injection. The `POST /workspaces/{workspace_id}/members` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`) and forwards the request body's `user_id` and `role`…
CVE-2026-47411	Praison praisonai-platform		0.00	—	—		Jun 1, 2026	## Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The `PATCH /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can rewrite the workspace's `name`,…

CVE-2026-47413criJun 1, 2026
Praison
praisonai-platform
risk 0.52cvss —epss —
## Summary **Type:** Privilege escalation / cross-tenant member injection. The `POST /workspaces/{workspace_id}/members` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`) and forwards the request body's `user_id` and `role`…
CVE-2026-47411Jun 1, 2026
Praison
praisonai-platform
risk 0.00cvss —epss —
## Summary **Type:** Authorization bypass enabling workspace metadata + settings tampering. The `PATCH /workspaces/{workspace_id}` endpoint is gated only by `require_workspace_member(workspace_id)` (default `min_role="member"`). Any member can rewrite the workspace's `name`,…