GHSA-7p8g-6c6g-h9w7: praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary
PraisonAI Platform has an IDOR (insecure direct object reference, a flaw where users can access resources they shouldn't by guessing object IDs) vulnerability in its agent management endpoints. A user who belongs to any workspace can read, modify, or delete agents from other workspaces by guessing their agent IDs, because the code checks if the user belongs to *some* workspace but never verifies the agent actually belongs to that workspace.
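The gap described in the summary, shown as an added illustration that is not PraisonAI Platform's code: the function names, data model, and sample IDs are hypothetical and constructed for this example. It covers the read path only; the update and delete paths named in the advisory title need the same workspace-bound lookup.

```python
# Added illustration; not PraisonAI Platform code. All names are hypothetical.
from dataclasses import dataclass


@dataclass
class Agent:
    id: str
    workspace_id: str
    name: str


# Constructed sample data: two workspaces, one agent each.
AGENTS = {
    "agent-a1": Agent("agent-a1", "ws-alpha", "alpha-bot"),
    "agent-b1": Agent("agent-b1", "ws-beta", "beta-bot"),
}
# user -> workspaces the user is a member of
MEMBERSHIPS = {"alice": {"ws-alpha"}, "bob": {"ws-beta"}}


class Forbidden(Exception): pass
class NotFound(Exception): pass


def require_member(user: str, workspace_id: str) -> None:
    if workspace_id not in MEMBERSHIPS.get(user, set()):
        raise Forbidden("not a member of this workspace")


def get_agent_flawed(user: str, workspace_id: str, agent_id: str) -> Agent:
    """Pattern from the summary: membership is checked, ownership is not."""
    require_member(user, workspace_id)
    agent = AGENTS.get(agent_id)  # lookup keyed on agent_id alone
    if agent is None:
        raise NotFound(agent_id)
    return agent


def get_agent_scoped(user: str, workspace_id: str, agent_id: str) -> Agent:
    """Same membership check, with the lookup bound to that workspace."""
    require_member(user, workspace_id)
    agent = AGENTS.get(agent_id)
    # One NotFound for "missing" and "owned by another workspace", so the
    # response does not confirm that a foreign agent_id exists.
    if agent is None or agent.workspace_id != workspace_id:
        raise NotFound(agent_id)
    return agent
```

A regression test for this class of bug creates two workspaces and asserts that every agent route returns the same not-found response when called with the other workspace's agent ID.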
Vulnerability Details
EPSS: 0.0%
June 5, 2026
Original source: https://github.com/advisories/GHSA-7p8g-6c6g-h9w7
First tracked: June 5, 2026 at 02:00 PM