CVE-2026-31874
Status: Received - Intake
Privilege Escalation in Taskosaur 1.0.0 via Role Parameter Manipulation

Publication date: 2026-03-11

Last updated on: 2026-03-20

Assigner: GitHub, Inc.

Description
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: taskosaur; Product: taskosaur; Version / Range: 1.0.0
CWE
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-31874 is a critical vulnerability in the Taskosaur project management platform version 1.0.0. The issue arises because the application does not properly validate or restrict the 'role' parameter during user registration. An attacker can manipulate the registration request payload to assign themselves elevated privileges, specifically the SUPER_ADMIN role.

Since the backend accepts the client-supplied role parameter without enforcement or ignoring it, it creates the account with full administrative privileges. This means any unauthenticated attacker can register a fully privileged administrative account, bypassing normal access controls. [2]


How can this vulnerability impact me?

This vulnerability allows an unauthenticated attacker to gain full administrative access to the Taskosaur application by registering an account with SUPER_ADMIN privileges. This can lead to complete compromise of the system.

  • Unauthorized creation, modification, or deletion of user accounts.
  • Access to sensitive data and administrative endpoints.
  • Potential full control over the application, including data integrity and availability.

The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity with high impact on confidentiality, integrity, and availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring registration requests to the Taskosaur application for suspicious role assignments. Specifically, look for registration payloads that include a role parameter with elevated privileges such as "SUPER_ADMIN".

One way to detect exploitation attempts is to intercept and inspect HTTP requests to the registration endpoint using a proxy tool like Burp Suite or similar.

You can also search server logs or audit trails for user accounts created with the SUPER_ADMIN role that were registered without proper authorization.

  • Use a network capture tool (e.g., tcpdump or Wireshark) to capture HTTP POST requests to the registration endpoint and filter for payloads containing the role parameter.
  • Example command to capture HTTP POST requests on port 80 or 443 (adjust as needed):
    tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
  • Search captured logs or files for the string "role":"SUPER_ADMIN" to identify unauthorized role assignments.
  • If you have access to the database, query the users table for accounts with the SUPER_ADMIN role created recently or suspiciously. [2]
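An added example of the log-review step above (example code, not from the page or the Taskosaur project): it scans JSON access-log lines for registration POSTs whose body carries a role field, which a legitimate sign-up form never sends. The log format, the /api/auth/register path and the sample lines are constructed assumptions.

```typescript
// Added example (not Taskosaur's code): scan JSON access-log lines for
// registration POSTs whose body carries a client-supplied "role" field.
// The log format, the endpoint path and the sample lines are constructed.
interface LogEntry { ts: string; ip: string; method: string; path: string; body: string }
interface Finding { ts: string; ip: string; role: string; severity: "high" | "medium" }

const REGISTER_PATH = "/api/auth/register"; // assumed; adjust to the deployed route

function scanRegistrationLogs(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    let entry: LogEntry;
    try { entry = JSON.parse(line); } catch { continue; } // skip malformed lines
    if (entry.method !== "POST" || entry.path !== REGISTER_PATH) continue;
    let body: unknown;
    try { body = JSON.parse(entry.body); } catch { continue; }
    // The presence of "role" is the signal whatever its value; SUPER_ADMIN is
    // the case this CVE describes, so it gets the higher severity.
    if (typeof body !== "object" || body === null || !("role" in body)) continue;
    const role = String((body as Record<string, unknown>).role);
    findings.push({
      ts: entry.ts,
      ip: entry.ip,
      role,
      severity: role.toUpperCase() === "SUPER_ADMIN" ? "high" : "medium",
    });
  }
  return findings;
}

// Constructed sample lines (passwords already redacted by the logger).
const SAMPLE_LOGS: string[] = [
  '{"ts":"2026-03-12T08:01:10Z","ip":"203.0.113.5","method":"POST","path":"/api/auth/register","body":"{\\"email\\":\\"alice@example.test\\",\\"name\\":\\"Alice\\",\\"password\\":\\"[redacted]\\"}"}',
  '{"ts":"2026-03-12T08:02:44Z","ip":"198.51.100.9","method":"POST","path":"/api/auth/register","body":"{\\"email\\":\\"x@example.test\\",\\"name\\":\\"x\\",\\"password\\":\\"[redacted]\\",\\"role\\":\\"SUPER_ADMIN\\"}"}',
  '{"ts":"2026-03-12T08:02:50Z","ip":"198.51.100.9","method":"POST","path":"/api/auth/register","body":"{\\"email\\":\\"y@example.test\\",\\"name\\":\\"y\\",\\"password\\":\\"[redacted]\\",\\"role\\":\\"MEMBER\\"}"}',
  '{"ts":"2026-03-12T08:03:01Z","ip":"198.51.100.9","method":"GET","path":"/api/users","body":""}',
  'not json at all',
];

// Runs the scan over the constructed sample; expected: two findings.
function demo(): Finding[] {
  return scanRegistrationLogs(SAMPLE_LOGS);
}
```

Any finding, even one with role MEMBER, means a client reached the registration endpoint with a field the form does not send, which is worth a closer look at that source.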


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include enforcing strict role assignment controls during user registration to prevent clients from specifying roles.

Specifically, the application should be updated to remove the role parameter from the registration data transfer object (DTO) and assign a default role such as MEMBER to all new users.

Implement role-based access control (RBAC) guards to restrict access to sensitive endpoints only to authorized roles like SUPER_ADMIN.

Restrict critical user management endpoints (create, findAll, delete) to SUPER_ADMIN users only, and prevent non-SUPER_ADMIN users from changing roles.

Until a patch is applied, monitor registration requests for suspicious role parameters and consider temporarily disabling public registration if feasible.

Follow the OWASP Mass Assignment Cheat Sheet recommendations to properly restrict role assignments during registration.
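As an added illustration of the mitigation described above (example code, not Taskosaur's own): a registration handler that allow-lists the DTO fields and assigns MEMBER server-side, with a SUPER_ADMIN guard on role changes and on listing users. Role names, field names and the in-memory store are assumptions.

```typescript
// Added example (not Taskosaur's code): registration that ignores any
// client-supplied role, plus a role guard for user-management operations.
// Role names, field names and the in-memory store are assumptions.
type Role = "MEMBER" | "SUPER_ADMIN";
interface User { id: number; email: string; name: string; role: Role }

const users: User[] = [];
// Allow-list of fields the registration DTO accepts. Anything else in the
// payload, "role" included, is dropped: the server picks the role, never the
// client (the OWASP mass-assignment defence referenced above).
const REGISTER_FIELDS = ["email", "name", "password"] as const;

function register(payload: Record<string, unknown>): User {
  for (const field of REGISTER_FIELDS) {
    if (typeof payload[field] !== "string" || payload[field] === "") {
      throw new Error(`missing or invalid field: ${field}`);
    }
  }
  const user: User = {
    id: users.length + 1,
    email: payload.email as string,
    name: payload.name as string,
    role: "MEMBER", // server-assigned default for every new account
  };
  users.push(user); // password hashing/storage omitted; not part of this fix
  return user;
}

// RBAC guard: throws unless the acting user holds one of the allowed roles.
function requireRole(actor: User, allowed: readonly Role[]): void {
  if (!allowed.includes(actor.role)) {
    throw new Error(`forbidden: ${actor.role} may not perform this action`);
  }
}

// Role changes happen only here, behind the guard, never at registration.
function changeRole(actor: User, targetId: number, newRole: Role): User {
  requireRole(actor, ["SUPER_ADMIN"]);
  const target = users.find((u) => u.id === targetId);
  if (!target) throw new Error(`no user with id ${targetId}`);
  target.role = newRole;
  return target;
}

function findAll(actor: User): User[] {
  requireRole(actor, ["SUPER_ADMIN"]);
  return users.slice();
}
```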

