CVE-2026-31874 (GCVE-0-2026-31874)
Vulnerability from cvelistv5 – Published: 2026-03-11 18:13 – Updated: 2026-03-12 20:08
VLAI?
Title
Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration
Summary
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31874",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T20:08:30.309733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T20:08:36.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Taskosaur",
"vendor": "Taskosaur",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T18:13:33.936Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr"
},
{
"name": "https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932"
}
],
"source": {
"advisory": "GHSA-r6gj-4663-p5mr",
"discovery": "UNKNOWN"
},
"title": "Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31874",
"datePublished": "2026-03-11T18:13:33.936Z",
"dateReserved": "2026-03-09T19:02:25.014Z",
"dateUpdated": "2026-03-12T20:08:36.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31874",
"date": "2026-04-25",
"epss": "0.00233",
"percentile": "0.46174"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31874\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-11T19:16:03.970\",\"lastModified\":\"2026-03-20T16:12:08.773\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.\"},{\"lang\":\"es\",\"value\":\"Taskosaur es una plataforma de gesti\u00f3n de proyectos de c\u00f3digo abierto con IA conversacional para la ejecuci\u00f3n de tareas dentro de la aplicaci\u00f3n. En la versi\u00f3n 1.0.0, la aplicaci\u00f3n no valida ni restringe adecuadamente el par\u00e1metro role durante el proceso de registro de usuario. Un atacante puede modificar manualmente la carga \u00fatil de la solicitud y asignarse privilegios elevados. Dado que el backend no aplica restricciones de asignaci\u00f3n de roles ni ignora los par\u00e1metros de rol proporcionados por el cliente, el servidor acepta el valor manipulado y crea la cuenta con privilegios SUPER_ADMIN. Esto permite a cualquier atacante no autenticado registrar una cuenta administrativa con todos los privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-639\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:taskosaur:taskosaur:1.0.0:*:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"89FEF05F-74B0-41FD-9845-F084FE8D8AC4\"}]}]}],\"references\":[{\"url\":\"https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31874\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-12T20:08:30.309733Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-12T20:08:34.013Z\"}}], \"cna\": {\"title\": \"Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration\", \"source\": {\"advisory\": \"GHSA-r6gj-4663-p5mr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Taskosaur\", \"product\": \"Taskosaur\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr\", \"name\": \"https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932\", \"name\": \"https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639: Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-11T18:13:33.936Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31874\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-12T20:08:36.826Z\", \"dateReserved\": \"2026-03-09T19:02:25.014Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-11T18:13:33.936Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…