CVE-2026-58653

PraisonAI Cross-Tenant Project ID Validation Bypass

Vulnerability report for CVE-2026-58653, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: VulnCheck

Description

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace constraints.


Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: praisonai
Product: praisonai
Version / Range: all versions before 0.1.7 (0.1.7 itself excluded)

Exploitability

CWE ID: CWE-639
Description: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Executive Summary

CVE-2026-58653 is a vulnerability in PraisonAI versions before 0.1.7 where the application fails to validate that the project_id provided in issue create and update requests belongs to the workspace specified in the URL.

This means an attacker can create or update issues in their own workspace whose project_id points at a project in another workspace that they do not own. The issue is stored under the attacker's workspace (the one in the URL), but its project reference belongs to the victim.

Because project statistics are aggregated by project_id without a workspace constraint, those foreign references are counted towards the victim's projects. The result is cross-tenant data pollution: the victim's project statistics are inflated by issues the victim never created.

The root cause is that the server trusts the project_id in the request body without checking that it resolves to a project inside the workspace named in the URL, so the body can reference records the caller is not authorized to use (CWE-639).

Impact Analysis

This vulnerability can impact you by allowing attackers to manipulate project statistics in your workspace without your permission.

Although the attacker cannot see your issue contents or make issues appear in your workspace's issue list, they can skew the accuracy and integrity of your project data.

This cross-tenant data pollution can lead to misleading project metrics, which may affect decision-making or reporting based on those statistics.

Detection Guidance

Detection means identifying issue create and update requests whose project_id references a project outside the workspace named in the URL path. The URL workspace is the tenant context the caller is authorized for, so any write request whose body project_id resolves to a project owned by a different workspace (or to no project at all) is an exploitation attempt against an unpatched version.

Specific commands are not provided in the available resources, but application or API gateway logs that record the request path and body can be checked for issue create and update requests whose project_id does not belong to the URL workspace. Doing this requires a mapping from project IDs to their owning workspace, which has to come from the application database. The same database also allows a retrospective check: every stored issue whose workspace differs from the workspace of the project it references was created through this flaw.
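The log check described above, as an added example that is not part of the advisory or of PraisonAI's own code. The route shape (/api/workspaces/{ws}/issues[/{id}]), the JSON log format, the log lines and the project-to-workspace table are all constructed for this example; in practice the table is exported from the application database.

```python
"""Added example, not PraisonAI code: scan API access logs for issue
create/update requests whose project_id points outside the URL workspace.
The route shape, the JSON log format, the sample log lines and the
project-to-workspace table are constructed assumptions for illustration."""
import json
import re

# Assumed route shape: workspace id in the path, issue id present for updates.
ISSUE_ROUTE = re.compile(r"^/api/workspaces/(?P<ws>[^/]+)/issues(?:/[^/]+)?/?$")
WRITE_METHODS = {"POST", "PUT", "PATCH"}

# Constructed project -> owning workspace table (export it from the real database).
PROJECT_OWNER = {"P1": "ws-victim", "P2": "ws-attacker"}

# Constructed log lines: one JSON record per request, body already parsed.
SAMPLE_LOG = [
    '{"ts":"2026-07-02T10:00:01Z","user":"alice","method":"POST",'
    '"path":"/api/workspaces/ws-victim/issues","body":{"project_id":"P1","title":"legit"}}',
    '{"ts":"2026-07-02T10:00:05Z","user":"mallory","method":"POST",'
    '"path":"/api/workspaces/ws-attacker/issues","body":{"project_id":"P1","title":"pollute"}}',
    '{"ts":"2026-07-02T10:00:09Z","user":"mallory","method":"GET",'
    '"path":"/api/workspaces/ws-attacker/issues","body":null}',
    '{"ts":"2026-07-02T10:00:12Z","user":"mallory","method":"PATCH",'
    '"path":"/api/workspaces/ws-attacker/issues/I7","body":{"project_id":"P9"}}',
    'not a json record at all',
    '{"ts":"2026-07-02T10:00:20Z","user":"mallory","method":"POST",'
    '"path":"/api/workspaces/ws-attacker/issues","body":{"project_id":"P2"}}',
]


def find_cross_workspace_refs(log_lines, project_owner):
    """Return one finding per write request whose project_id does not resolve
    to a project owned by the workspace in the URL. Unknown projects are
    reported too, since the unpatched server only checked existence."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                      # not a request record
        if rec.get("method") not in WRITE_METHODS:
            continue                      # reads cannot pollute anything
        match = ISSUE_ROUTE.match(rec.get("path", ""))
        if match is None:
            continue                      # not an issue create/update route
        body = rec.get("body") or {}
        project_id = body.get("project_id")
        if project_id is None:
            continue                      # update that does not touch project_id
        url_ws = match.group("ws")
        owner = project_owner.get(project_id)
        if owner != url_ws:
            findings.append({
                "line": lineno,
                "user": rec.get("user"),
                "method": rec["method"],
                "url_workspace": url_ws,
                "project_id": project_id,
                "project_workspace": owner,   # None: no such project
            })
    return findings


if __name__ == "__main__":
    for finding in find_cross_workspace_refs(SAMPLE_LOG, PROJECT_OWNER):
        print(finding)
```

On the constructed input the scan flags line 2 (mallory writing the victim's P1 from ws-attacker) and line 4 (a PATCH pointing at a project that does not exist), and leaves the legitimate writes and the GET alone. Read-only requests are skipped deliberately: only create and update bodies carry the project_id the flaw trusts.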

Mitigation Strategies

The immediate mitigation step is to upgrade PraisonAI to version 0.1.7 or later, where the vulnerability has been fixed by validating that any project_id, parent_issue_id, or assignee_id in issue create and update requests belongs to the URL workspace before processing.

Until the upgrade can be applied, enforce the same rule outside the application: a middleware or API gateway that can resolve project ownership should reject any issue create or update request whose project_id (and, where present, parent_issue_id or assignee_id) does not belong to the URL workspace, and attempts that trip this rule should be logged and reviewed. Monitoring alone does not stop the pollution; it only makes it visible.
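The flaw described in the Executive Summary and the workspace-scoped validation the Mitigation section attributes to 0.1.7, side by side as an added example. This is illustrative code written for this page, not PraisonAI's implementation: the data model (Store, Project, Issue), the handler names and the aggregation function are assumptions, chosen so that the issue list is workspace-scoped while the statistics are not, which is exactly the combination the Impact Analysis describes.

```python
"""Added example, not PraisonAI code: an in-memory model of the flaw behind
CVE-2026-58653 next to the workspace-scoped validation the advisory says
0.1.7 adds. Store, Project, Issue and the handler names are assumptions."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Project:
    id: str
    workspace_id: str


@dataclass
class Issue:
    id: str
    workspace_id: str                 # taken from the URL path
    project_id: str                   # taken from the request body
    parent_issue_id: str | None = None
    assignee_id: str | None = None


@dataclass
class Store:
    projects: dict[str, Project] = field(default_factory=dict)
    issues: dict[str, Issue] = field(default_factory=dict)
    members: dict[str, set[str]] = field(default_factory=dict)  # workspace -> user ids


class ValidationError(ValueError):
    pass


def _store_issue(store, url_workspace_id, body):
    issue = Issue(id=f"I{len(store.issues) + 1}", workspace_id=url_workspace_id,
                  project_id=body["project_id"],
                  parent_issue_id=body.get("parent_issue_id"),
                  assignee_id=body.get("assignee_id"))
    store.issues[issue.id] = issue
    return issue


def create_issue_vulnerable(store, url_workspace_id, body):
    """Pre-0.1.7 behaviour as the advisory describes it: the body's
    project_id only has to exist, not belong to the URL workspace."""
    if body["project_id"] not in store.projects:
        raise ValidationError("unknown project")
    return _store_issue(store, url_workspace_id, body)


def create_issue_fixed(store, url_workspace_id, body):
    """Every reference in the body must resolve inside the URL workspace."""
    project = store.projects.get(body["project_id"])
    if project is None or project.workspace_id != url_workspace_id:
        raise ValidationError("project_id is not in this workspace")
    parent_id = body.get("parent_issue_id")
    if parent_id is not None:
        parent = store.issues.get(parent_id)
        if parent is None or parent.workspace_id != url_workspace_id:
            raise ValidationError("parent_issue_id is not in this workspace")
    assignee_id = body.get("assignee_id")
    if assignee_id is not None and assignee_id not in store.members.get(url_workspace_id, set()):
        raise ValidationError("assignee_id is not a member of this workspace")
    return _store_issue(store, url_workspace_id, body)


def list_issues(store, workspace_id):
    """Workspace-scoped listing: the victim never sees the foreign issue."""
    return [i for i in store.issues.values() if i.workspace_id == workspace_id]


def project_issue_counts(store):
    """Statistics keyed by project_id alone, with no workspace constraint:
    this is where the foreign reference lands in another tenant's numbers."""
    return Counter(i.project_id for i in store.issues.values())


def demo():
    store = Store(projects={"P1": Project("P1", "ws-victim"), "P2": Project("P2", "ws-attacker")},
                  members={"ws-victim": {"alice"}, "ws-attacker": {"mallory"}})
    create_issue_vulnerable(store, "ws-victim", {"project_id": "P1"})    # legitimate
    # Attacker posts to the ws-attacker issues URL with the victim's project_id.
    create_issue_vulnerable(store, "ws-attacker", {"project_id": "P1"})
    result = {"p1_count": project_issue_counts(store)["P1"],          # inflated to 2
              "victim_visible": len(list_issues(store, "ws-victim"))}  # still 1
    try:
        create_issue_fixed(store, "ws-attacker", {"project_id": "P1"})
        result["fixed_rejected"] = False
    except ValidationError:
        result["fixed_rejected"] = True
    try:
        create_issue_fixed(store, "ws-attacker", {"project_id": "P2", "assignee_id": "alice"})
        result["assignee_rejected"] = False
    except ValidationError:
        result["assignee_rejected"] = True
    own = create_issue_fixed(store, "ws-attacker", {"project_id": "P2", "assignee_id": "mallory"})
    result["fixed_accepts_own"] = own.workspace_id == "ws-attacker" and own.project_id == "P2"
    return result


if __name__ == "__main__":
    print(demo())
```

The demo reproduces the two halves of the Impact Analysis: after the attacker's write, the victim's issue list still shows one issue, but the per-project statistics show two for P1. The fixed handler rejects the foreign project_id and a non-member assignee_id while still accepting a well-formed write inside the attacker's own workspace, so the check does not break legitimate use.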
