Authorization Bypass in PraisonAI Affects Project Integrity
CVE-2026-58653

5.3 MEDIUM

Key Information:

Vendor: Praisonai

Status
Vendor
CVE Published: 2 July 2026

What is CVE-2026-58653?

PraisonAI prior to version 0.1.7 contains a flaw that allows attackers to bypass authorization controls by sending requests that manipulate the project_id field. This vulnerability enables the creation of issues linked to projects across different workspaces, resulting in cross-tenant data pollution. Consequently, the integrity of project statistics may be compromised as data from unauthorized sources can be aggregated without the necessary workspace restrictions.

Affected Version(s)

PraisonAI 0 < 0.1.7

PraisonAI 0.1.7

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sai-sh