Authorization Bypass in PraisonAI Platform by Mervin Praison
CVE-2026-61440
7.1HIGH
What is CVE-2026-61440?
The PraisonAI Platform prior to version 0.1.9 contains a significant authorization flaw that allows workspace members to perform unauthorized label and issue-label mutations. This vulnerability enables them to rename, recolor, and manage labels on issues created by owners without proper authorization. The exploitation involves sending PATCH and POST/DELETE requests to modify shared label taxonomy and manipulate issue-label associations, thus compromising the intended access controls of the platform.
Affected Version(s)
PraisonAI 0 < 0.1.9
PraisonAI 0.1.9
