CVE-2026-61441 in PraisonAI
Summary
by MITRE • 07/10/2026
PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a dependency through an owner-created issue endpoint (which returns 403) can delete the same dependency edge by targeting a related member-owned issue endpoint, because permission is validated against the member-owned issue's owner. This allows members to bypass owner/admin authorization and remove owner-created issue dependencies.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/10/2026
The vulnerability in PraisonAI Platform version 0.1.8 and earlier represents a critical authorization flaw that undermines the platform's access control mechanisms. This issue stems from improper validation of delete permissions when removing issue dependencies through the DELETE dependency route. The system's authorization logic fails to consistently verify whether the requesting user has legitimate permission to remove a specific dependency edge, creating a pathway for unauthorized actions.
The technical flaw manifests in how the platform handles permission validation during dependency deletion operations. When a user attempts to delete a dependency edge, the system only checks permissions against the URL endpoint that was explicitly selected by the caller rather than validating against the actual dependency relationship itself. This design oversight allows users to exploit the system's authorization model by targeting different endpoints within the same workspace. Specifically, if a workspace member cannot delete a dependency through an owner-created issue endpoint due to insufficient permissions, they can still remove the same dependency edge by selecting a related member-owned issue endpoint instead.
This authorization bypass creates significant operational risks for workspace administrators and owners who rely on the platform's access controls to maintain project integrity. The vulnerability enables malicious or unauthorized users to manipulate issue dependencies without proper authorization, potentially disrupting project workflows, compromising data relationships, and undermining the collaborative structure of shared workspaces. The security implication extends beyond simple permission bypass as it affects the fundamental integrity of dependency management within the platform.
The flaw aligns with common software security weaknesses categorized under CWE-285 (Improper Authorization) and demonstrates characteristics similar to those found in privilege escalation vulnerabilities within access control systems. From an ATT&CK perspective, this vulnerability maps to T1078 (Valid Accounts) and T1484 (Domain Policy Modification) as it allows unauthorized users to manipulate system resources through legitimate account access. The issue particularly affects the platform's integrity and availability properties in the CIA triad, as it enables unauthorized modification of project relationships and potentially disrupts workflow dependencies.
Organizations using PraisonAI Platform should immediately implement mitigation strategies including immediate patching to version 0.1.9 or later, which addresses this authorization bypass vulnerability. Additionally, administrators should conduct thorough access control reviews and consider implementing more robust permission validation mechanisms that consistently verify user authorization against the actual dependency relationships rather than endpoint selection. The platform's architecture should be updated to ensure that deletion operations validate permissions against the dependency edge itself rather than the URL endpoint chosen by the user, preventing similar authorization bypass scenarios in future deployments.
This vulnerability highlights the importance of consistent permission validation across all API endpoints and demonstrates how seemingly minor authorization logic flaws can create significant security risks in collaborative platforms. The issue underscores the need for comprehensive security testing of access control mechanisms, particularly in systems where multiple users with varying permission levels interact with shared resources and dependencies. Organizations should also consider implementing additional audit logging to track dependency modification activities and detect potential unauthorized access attempts.