CVE-2026-61442

Source
https://cve.org/CVERecord?id=CVE-2026-61442
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-61442.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-61442
Aliases
  • GHSA-c78w-2q4r-68r7
Published
2026-07-11T13:01:03.789Z
Modified
2026-07-13T04:01:09.359905535Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
PraisonAI Platform before 0.1.9 Authorization Bypass via PATCH
Details

PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign lead_id to their own user id and then delete the owner-created project, bypassing the delete route's owner/admin permission check.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/61xxx/CVE-2026-61442.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/mervinpraison/praisonai

Affected ranges

Type
GIT
Repo
https://github.com/mervinpraison/praisonai
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.1.9"
        }
    ]
}

Affected versions

0.*
0.0.55
0.0.56
0.0.57
0.0.59rc5
2.*
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.66
2.0.67
2.0.68
2.0.69
2.0.70
2.0.71
2.0.72
2.0.73
2.0.74
2.0.75
2.0.76
praisonai-cli@0.*
praisonai-cli@0.2.0
praisonai-derive@0.*
praisonai-derive@0.2.0
praisonai@0.*
praisonai@0.2.0
v0.*
v0.0.1
v0.0.18
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.25
v0.0.26
v0.0.27
v0.0.28
v0.0.29
v0.0.30
v0.0.31
v0.0.32
v0.0.33
v0.0.34
v0.0.35
v0.0.36
v0.0.37
v0.0.38
v0.0.39
v0.0.40
v0.0.41
v0.0.42
v0.0.43
v0.0.44
v0.0.45
v0.0.46
v0.0.47
v0.0.48
v0.0.49
v0.0.50
v0.0.51
v0.0.52
v0.0.53
v0.0.54
v0.0.58
v0.0.59
v0.0.59rc1
v0.0.59rc11
v0.0.59rc2
v0.0.59rc3
v0.0.59rc4
v0.0.59rc5
v0.0.59rc6
v0.0.59rc7
v0.0.59rc8
v0.0.59rc9
v0.0.61
v0.0.62
v0.0.63
v0.0.64
v0.0.65
v0.0.66
v0.0.67
v0.0.68
v0.0.69
v0.0.70
v0.0.71
v0.0.72
v0.0.73
v0.0.74
v0.1.0
v0.1.1
v0.1.10
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.2.0
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.8
v1.0.9
v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.77
v2.0.78
v2.0.79
v2.0.8
v2.0.80
v2.0.81
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.12
v2.2.13
v2.2.14
v2.2.15
v2.2.16
v2.2.17
v2.2.18
v2.2.19
v2.2.2
v2.2.20
v2.2.21
v2.2.22
v2.2.23
v2.2.24
v2.2.25
v2.2.26
v2.2.27
v2.2.28
v2.2.29
v2.2.3
v2.2.30
v2.2.31
v2.2.32
v2.2.33
v2.2.34
v2.2.35
v2.2.36
v2.2.37
v2.2.38
v2.2.39
v2.2.4
v2.2.40
v2.2.41
v2.2.42
v2.2.43
v2.2.44
v2.2.45
v2.2.46
v2.2.47
v2.2.48
v2.2.49
v2.2.5
v2.2.50
v2.2.51
v2.2.52
v2.2.53
v2.2.54
v2.2.55
v2.2.56
v2.2.57
v2.2.58
v2.2.59
v2.2.6
v2.2.60
v2.2.61
v2.2.62
v2.2.63
v2.2.64
v2.2.65
v2.2.66
v2.2.67
v2.2.68
v2.2.69
v2.2.7
v2.2.70
v2.2.71
v2.2.72
v2.2.73
v2.2.74
v2.2.75
v2.2.76
v2.2.77
v2.2.78
v2.2.79
v2.2.8
v2.2.80
v2.2.81
v2.2.82
v2.2.83
v2.2.84
v2.2.85
v2.2.86
v2.2.87
v2.2.89
v2.2.9
v2.2.90
v2.2.91
v2.2.93
v2.2.96
v2.2.97
v2.2.98
v2.2.99
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.18
v2.3.19
v2.3.2
v2.3.20
v2.3.21
v2.3.22
v2.3.23
v2.3.24
v2.3.25
v2.3.26
v2.3.27
v2.3.28
v2.3.29
v2.3.3
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.4
v2.3.40
v2.3.41
v2.3.42
v2.3.43
v2.3.44
v2.3.45
v2.3.46
v2.3.47
v2.3.48
v2.3.49
v2.3.5
v2.3.50
v2.3.51
v2.3.52
v2.3.53
v2.3.54
v2.3.55
v2.3.56
v2.3.57
v2.3.58
v2.3.59
v2.3.6
v2.3.60
v2.3.61
v2.3.62
v2.3.63
v2.3.64
v2.3.65
v2.3.66
v2.3.67
v2.3.68
v2.3.69
v2.3.7
v2.3.70
v2.3.71
v2.3.72
v2.3.73
v2.3.74
v2.3.75
v2.3.76
v2.3.77
v2.3.78
v2.3.79
v2.3.8
v2.3.80
v2.3.81
v2.3.82
v2.3.83
v2.3.84
v2.3.85
v2.3.86
v2.3.87
v2.3.9
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v4.*
v4.4.10
v4.4.11
v4.4.12
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.5.0
v4.5.1
v4.5.10
v4.5.100
v4.5.101
v4.5.102
v4.5.103
v4.5.104
v4.5.105
v4.5.106
v4.5.107
v4.5.108
v4.5.109
v4.5.11
v4.5.110
v4.5.111
v4.5.112
v4.5.113
v4.5.115
v4.5.117
v4.5.118
v4.5.119
v4.5.12
v4.5.120
v4.5.121
v4.5.122
v4.5.123
v4.5.124
v4.5.125
v4.5.126
v4.5.128
v4.5.129
v4.5.13
v4.5.130
v4.5.131
v4.5.132
v4.5.133
v4.5.134
v4.5.14
v4.5.140
v4.5.143
v4.5.144
v4.5.145
v4.5.146
v4.5.147
v4.5.148
v4.5.149
v4.5.15
v4.5.16
v4.5.17
v4.5.18
v4.5.19
v4.5.2
v4.5.20
v4.5.21
v4.5.22
v4.5.23
v4.5.24
v4.5.25
v4.5.26
v4.5.27
v4.5.28
v4.5.29
v4.5.3
v4.5.30
v4.5.31
v4.5.32
v4.5.33
v4.5.34
v4.5.35
v4.5.36
v4.5.37
v4.5.38
v4.5.39
v4.5.40
v4.5.41
v4.5.42
v4.5.43
v4.5.44
v4.5.45
v4.5.46
v4.5.48
v4.5.49
v4.5.5
v4.5.51
v4.5.52
v4.5.54
v4.5.55
v4.5.56
v4.5.57
v4.5.58
v4.5.59
v4.5.6
v4.5.60
v4.5.62
v4.5.63
v4.5.64
v4.5.65
v4.5.67
v4.5.68
v4.5.69
v4.5.7
v4.5.70
v4.5.71
v4.5.72
v4.5.73
v4.5.74
v4.5.76
v4.5.77
v4.5.78
v4.5.79
v4.5.8
v4.5.80
v4.5.81
v4.5.82
v4.5.83
v4.5.85
v4.5.87
v4.5.88
v4.5.9
v4.5.90
v4.5.93
v4.5.94
v4.5.95
v4.5.96
v4.5.97
v4.5.98
v4.6.1
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.14
v4.6.15
v4.6.16
v4.6.18
v4.6.19
v4.6.2
v4.6.20
v4.6.21
v4.6.22
v4.6.23
v4.6.24
v4.6.25
v4.6.26
v4.6.27
v4.6.28
v4.6.29
v4.6.3
v4.6.30
v4.6.31
v4.6.32
v4.6.33
v4.6.34
v4.6.35
v4.6.36
v4.6.37
v4.6.38
v4.6.39
v4.6.4
v4.6.40
v4.6.41
v4.6.42
v4.6.43
v4.6.44
v4.6.45
v4.6.46
v4.6.47
v4.6.48
v4.6.5
v4.6.50
v4.6.51
v4.6.52
v4.6.53
v4.6.54
v4.6.55
v4.6.56
v4.6.57
v4.6.58
v4.6.59
v4.6.6
v4.6.60
v4.6.62
v4.6.7
v4.6.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-61442.json"