CVE-2026-47408

MEDIUMPre-NVD 6.56.5
EchelonGraph scoreLOW confidence

This medium-severity CVE scores 6.5 under the CNA's CVSS (NVD's own analysis pending). EPSS exploit probability: 0.0%, top 90% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).

Triggered by: NVD CVSS baseline
Sources: cna:github_m, epss
6.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 6.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership

Summary

Type: Insecure Direct Object Reference. The GET /workspaces/{workspace_id}/issues/{issue_id}/activity endpoint is gated by require_workspace_member(workspace_id) and dispatches to ActivityService.list_for_issue(issue_id), which executes SELECT * FROM activity WHERE issue_id = :issue_id with no workspace constraint. A user who is a member of any workspace can read the full activity log of any issue across the entire multi-tenant deployment. File: src/praisonai-platform/praisonai_platform/api/routes/activity.py, lines 32-43; services/activity_service.py's list_for_issue method.

Root cause: the route extracts workspace_id from the URL path, uses it solely for the membership gate, then passes the URL-supplied issue_id directly to ActivityService.list_for_issue(issue_id) without verifying which workspace the issue belongs to. The companion list_workspace_activity endpoint at line 19-29 is implemented correctly (it passes workspace_id to svc.list_for_workspace(workspace_id)) — the asymmetry is the smoking gun.

Affected Code

File: src/praisonai-platform/praisonai_platform/api/routes/activity.py, lines 19-43.

@router.get("/activity", response_model=List[ActivityLogResponse])
async def list_workspace_activity(
    workspace_id: str,
    limit: int = Query(50, ge=1, le=200),
    offset: int = Query(0, ge=0),
    user: AuthIdentity = Depends(require_workspace_member),
    session: AsyncSession = Depends(get_db),
):
    svc = ActivityService(session)
    logs = await svc.list_for_workspace(workspace_id, limit=limit, offset=offset)  # correct: passes workspace_id
    return [ActivityLogResponse.model_validate(log) for log in logs]

@router.get("/issues/{issue_id}/activity", response_model=List[ActivityLogResponse]) async def list_issue_activity( workspace_id: str, issue_id: str, limit: int = Query(50, ge=1, le=200), offset: int = Query(0, ge=0), user: AuthIdentity = Depends(require_workspace_member), session: AsyncSession = Depends(get_db), ): svc = ActivityService(session) logs = await svc.list_for_issue(issue_id, limit=limit, offset=offset) # <-- BUG: no workspace_id return [ActivityLogResponse.model_validate(log) for log in logs]

Why it's wrong: activity logs are typically the most sensitive operational record — they include actor identity, action type, entity references, and a free-form details JSON blob that may contain pre-/post-change values for any tracked field. Reading the foreign workspace's activity log gives the attacker a high-fidelity view into who did what when, which is gold for further reconnaissance (cross-workspace member enumeration, foreign issue title disclosure, knowing which projects exist). The same author got list_workspace_activity right by passing workspace_id — the issue-scoped variant is the gap.

Exploit Chain

  • Attacker is a member of workspace W_attacker and harvests a target issue UUID I_T from any side channel. State: attacker holds I_T.
  • Attacker sends GET /workspaces/W_attacker/issues/I_T/activity?limit=200 with Authorization: Bearer . State: control flow enters list_issue_activity.
  • require_workspace_member(W_attacker, attacker) passes. ActivityService.list_for_issue(I_T) runs SELECT * FROM activity WHERE issue_id = 'I_T' ORDER BY created_at DESC LIMIT 200. State: response body is the full activity log for the foreign issue.
  • The activity entries reveal: every actor (member or agent) who touched the issue, every action (created, updated, commented, status_changed, assignee_changed, project_changed, label_added, dependency_added), and the details JSON blob containing the before/after values of every change. State: the attacker fingerprints the foreign workspace's triage workflow, identifies who works on what, and sees the issue's complete history including any embedded secrets that ever passed through the description or comments.
  • Final state: with one workspace-member token plus one GET, the attacker reads the full activity timeline of any issue in the multi-tenant deployment given the issue UUIDs.

Security Impact

Severity: sec-moderate. CVSS 6.5: network attack, low complexity, low privileges, no user interaction, scope unchanged, high confidentiality (full activity log including before/after details), no integrity claim (read-only), no availability claim.

Attacker capability: read the activity log of any issue in the deployment given its UUID. Combined with the companion issue-IDOR (which already gives full issue content), this is recon for the foreign workspace's operational tempo, member identity, and triage workflow.

Preconditions: praisonai-platform is deployed multi-tenant; attacker has any workspace-membership token; foreign issue UUIDs are reachable.

Differential: source-inspection-verified. The asymmetry between list_workspace_activity (correctly workspace-scoped) and list_issue_activity (no workspace check) confirms the gap. With the suggested fix below, the route first resolves the issue via IssueService.get(workspace_id, issue_id), returns 404 for foreign issues, and only then proceeds.

Suggested Fix

--- a/src/praisonai-platform/praisonai_platform/api/routes/activity.py
+++ b/src/praisonai-platform/praisonai_platform/api/routes/activity.py
@@ -32,9 +32,12 @@
 @router.get("/issues/{issue_id}/activity", response_model=List[ActivityLogResponse])
 async def list_issue_activity(
     workspace_id: str,
     issue_id: str,
     limit: int = Query(50, ge=1, le=200),
     offset: int = Query(0, ge=0),
     user: AuthIdentity = Depends(require_workspace_member),
     session: AsyncSession = Depends(get_db),
 ):
+    issue_svc = IssueService(session)
+    if await issue_svc.get(workspace_id, issue_id) is None:    # workspace-scoped get from issue-IDOR companion
+        raise HTTPException(status_code=404, detail="Issue not found")
     svc = ActivityService(session)
     logs = await svc.list_for_issue(issue_id, limit=limit, offset=offset)
     return [ActivityLogResponse.model_validate(log) for log in logs]

The same single-key issue lookup pattern is filed separately as the IssueService IDOR; once that is fixed, the helper used here is just IssueService.get(workspace_id, issue_id).

CVSS v3
6.5
EG Score
6.5(low)
EPSS
9.7%
KEV
Not listed

Published

May 29, 2026

Last Modified

May 29, 2026

Vendor Advisories for CVE-2026-47408(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Affected Packages

(1 across 1 ecosystem)
PyPI(1)
PackageVulnerable rangeFixed inDependents
praisonai-platform0.1.0, 0.1.1, 0.1.2, 0.1.30.1.4

Data Freshness Timeline

(refreshed 3× in last 7d / 16× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-16 01:45 UTCEG score recompute
  2. 2026-07-14 13:44 UTCEG score recompute
  3. 2026-07-11 16:55 UTCEG score recompute
  4. 2026-07-08 17:15 UTCEG score recompute
  5. 2026-07-02 03:41 UTCEG score recompute
  6. 2026-07-01 01:17 UTCEG score recompute
  7. 2026-06-29 19:31 UTCEG score recompute
  8. 2026-06-28 19:01 UTCEG score recompute
  9. 2026-06-27 20:33 UTCEG score recompute
  10. 2026-06-26 22:04 UTCEG score recompute
  11. 2026-06-25 23:36 UTCEG score recompute
  12. 2026-06-25 01:08 UTCEG score recompute
  13. 2026-06-24 02:41 UTCEG score recompute
  14. 2026-06-18 22:20 UTCEG score recompute
  15. 2026-06-17 21:07 UTCEG score recompute
  16. 2026-06-16 22:38 UTCEG score recompute
  17. 2026-06-16 00:09 UTCEG score recompute
  18. 2026-06-15 01:40 UTCEG score recompute
  19. 2026-06-14 23:18 UTCEPSS rescore
  20. 2026-06-14 03:12 UTCEG score recompute
  21. 2026-06-13 04:44 UTCEG score recompute
  22. 2026-06-12 23:12 UTCEPSS rescore
  23. 2026-06-12 06:16 UTCEG score recompute
  24. 2026-06-11 07:48 UTCEG score recompute
  25. 2026-06-10 09:20 UTCEG score recompute
Show 11 more
  1. 2026-06-09 10:53 UTCEG score recompute
  2. 2026-06-08 12:25 UTCEG score recompute
  3. 2026-06-07 13:58 UTCEG score recompute
  4. 2026-06-06 15:26 UTCEG score recompute
  5. 2026-06-05 16:59 UTCEG score recompute
  6. 2026-06-04 18:31 UTCEG score recompute
  7. 2026-06-03 20:03 UTCEG score recompute
  8. 2026-06-02 21:35 UTCEG score recompute
  9. 2026-06-01 23:07 UTCEG score recompute
  10. 2026-06-01 00:40 UTCEG score recompute
  11. 2026-05-29 23:13 UTCEG score recompute

Frequently asked(5)

What is CVE-2026-47408?
CVE-2026-47408 is a medium vulnerability published on May 29, 2026. praisonai-platform: listissueactivity returns activity log for any issue regardless of workspace ownership Summary Type: Insecure Direct Object Reference. The GET /workspaces/{workspaceid}/issues/{issueid}/activity endpoint is gated by requireworkspacemember(workspaceid) and dispatches to…
When was CVE-2026-47408 disclosed?
CVE-2026-47408 was first published in the National Vulnerability Database on May 29, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-47408 actively exploited?
CVE-2026-47408 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 9.7% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-47408?
CVE-2026-47408 has a CVSS v4.0 base score of 6.5 (CNA self-assessment; NVD's own analysis pending). The EG score is currently aggregating — additional source signals are being incorporated as they become available..
How do I remediate CVE-2026-47408?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-47408, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-47408

Explore →

Is Your Infrastructure Affected by CVE-2026-47408?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.