CVE

CVE-2026-31874

Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for in-app task execution. In version 1.0.0, the application does not properly validate or restrict the role parameter during user registration. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend neither enforces role assignment restrictions nor ignores client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.
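
The flaw described above, sketched as an added example that is not Taskosaur's code: a registration handler that trusts the request body, a hardened version that allow-lists fields and assigns the role server-side, and an audit helper for accounts created before the fix. The function names, the MEMBER default role, the field names and the createdVia marker are assumptions made for illustration.

```javascript
// Added illustration; handler, field and role names are assumptions, not Taskosaur code.
const DEFAULT_ROLE = "MEMBER"; // assumed name of the least-privileged role
const ALLOWED_FIELDS = new Set(["email", "password", "name"]); // assumed signup fields

// Vulnerable pattern: the request body is spread into the new account,
// so a client-supplied "role" overrides the server default.
function registerVulnerable(body) {
  return { role: DEFAULT_ROLE, createdVia: "register", ...body };
}

// Hardened pattern: reject any field outside the allow-list and let the
// server alone decide the role. Password hashing is out of scope here.
function registerHardened(body) {
  const unexpected = Object.keys(body).filter((k) => !ALLOWED_FIELDS.has(k));
  if (unexpected.length > 0) {
    return { status: 400, rejected: unexpected };
  }
  const { email, name } = body;
  return { status: 201, user: { email, name, role: DEFAULT_ROLE, createdVia: "register" } };
}

// Post-fix audit: an account created through self-registration should never
// hold a role other than the default, so any hit deserves review.
function findSelfRegisteredElevated(users) {
  return users.filter((u) => u.createdVia === "register" && u.role !== DEFAULT_ROLE);
}

// Constructed sample inputs (not captured traffic).
const normalSignup = { email: "a@example.test", password: "x", name: "A" };
const tamperedSignup = { ...normalSignup, email: "b@example.test", role: "SUPER_ADMIN" };

// Accounts as the vulnerable handler would have stored them.
const stored = [registerVulnerable(normalSignup), registerVulnerable(tamperedSignup)];

console.log(findSelfRegisteredElevated(stored).map((u) => u.email));
console.log(registerHardened(tamperedSignup));
console.log(registerHardened(normalSignup).user.role);
```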

CVSS Version

Base Score: 9.8
CVSS Version: 3.1
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score: 0
CVSS Version: 3.1
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31874.json
https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932
https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr
https://nvd.nist.gov/vuln/detail/CVE-2026-31874

Severity

CVSS Score: 9.8 (scale 0 to 10)

Basic Information

Ecosystem:
Base CVSS: 9.8
EPSS Probability: 0.0009%
EPSS Percentile: 0.25419%
Introduced Version: 0
Fix Available: 159a5a8f43761561100a57d34309830550028932