CVE-2026-48169: PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any workspace just by swapping UUIDs in their API requests. On top of that, every member management endpoint (add, update role, remove) only requires min_role="member", which lets any workspace member promote themselves to owner and kick out the original owner. A low-privilege member of one workspace can steal data from every other workspace and take over any workspace they belong to.

Both issues come from the same gap: the route layer pulls workspace_id from the URL and verifies membership, but the service layer ignores the workspace scope for resource lookups and ignores the caller’s role level for member operations. The require_workspace_member() dependency does its job correctly. The problem is that the service layer doesn’t use the information it provides.