Authorization Bypass in PraisonAI Affects Project Integrity
CVE-2026-58653
5.3 MEDIUM
What is CVE-2026-58653?
PraisonAI prior to version 0.1.7 contains a flaw that allows attackers to bypass authorization controls by sending requests that manipulate the project_id field. This vulnerability enables the creation of issues linked to projects across different workspaces, resulting in cross-tenant data pollution. Consequently, the integrity of project statistics may be compromised as data from unauthorized sources can be aggregated without the necessary workspace restrictions.
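The missing check described above, as an added example that is not PraisonAI's own code: the `Store` class, its field names and the sample ids are hypothetical. It places the flawed pattern (trusting the request's project_id) beside a workspace-scoped version, and adds an audit helper that finds issues already written across workspaces.

```python
# Added illustration: hypothetical in-memory model, not PraisonAI code.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a caller references a project outside their workspace."""


@dataclass
class Store:
    # project_id -> owning workspace_id (constructed sample data)
    projects: dict = field(default_factory=lambda: {"proj-a": "ws-1", "proj-b": "ws-2"})
    issues: list = field(default_factory=list)

    def create_issue_unscoped(self, caller_ws, project_id, title):
        # Flawed pattern: project_id from the request body is trusted as-is.
        self.issues.append({"project_id": project_id, "workspace_id": caller_ws, "title": title})

    def create_issue(self, caller_ws, project_id, title):
        # Hardened: resolve the project server-side and compare its workspace
        # with the workspace bound to the authenticated session.
        owner = self.projects.get(project_id)
        if owner is None or owner != caller_ws:
            # Same error for "missing" and "foreign" avoids confirming which ids exist.
            raise Forbidden("project not found in caller workspace")
        self.issues.append({"project_id": project_id, "workspace_id": owner, "title": title})

    def issue_count(self, project_id):
        # Defence in depth: count only rows whose workspace matches the project's
        # owner, so a polluted row cannot skew statistics.
        owner = self.projects[project_id]
        return sum(1 for i in self.issues
                   if i["project_id"] == project_id and i["workspace_id"] == owner)

    def foreign_rows(self):
        # Audit query: issues whose workspace differs from their project's workspace.
        return [i for i in self.issues if self.projects.get(i["project_id"]) != i["workspace_id"]]
```

After upgrading, a query equivalent to `foreign_rows` over the real issue table shows whether project statistics were already affected.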
Affected Version(s)
PraisonAI 0 < 0.1.7
PraisonAI 0.1.7
