CVE-2026-47416
CVE-2026-47416 — GHSA: praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
📅 2026-05-29
🔴 Critical 🔥 No GHSA Exploit Network CVSS 9.6

📋 Full description

## Summary

**Type:** Vertical privilege escalation.

The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by `require_workspace_member(workspace_id)`, which defaults to `min_role="member"` and is never overridden by the route. The handler then calls `MemberService.update_role(workspace_id, user_id, body.role)` which sets the target member's role to whatever the

💻 Affected systems

GHSA: praisonai-platform: Any

⚠️ Threat type

Exploit

🔗 CVE ID

CVE-2026-47416

📡 Source

GHSA

✅ Solutions and mitigation

🔗 Original source ← 📘 NVD ← ⚡ CISA KEV ←