CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932	Patch
https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:taskosaur:taskosaur:1.0.0:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2026-03-11 19:16

Updated : 2026-03-20 16:12

NVD link : CVE-2026-31874

Mitre link : CVE-2026-31874

CVE.ORG link : CVE-2026-31874

JSON object : View

Products Affected

taskosaur

taskosaur

CWE

CWE-284

Improper Access Control

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2026-31874", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-11T19:16:03.970", "references": [{"url": "https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-639"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account."}, {"lang": "es", "value": "Taskosaur es una plataforma de gesti\u00f3n de proyectos de c\u00f3digo abierto con IA conversacional para la ejecuci\u00f3n de tareas dentro de la aplicaci\u00f3n. En la versi\u00f3n 1.0.0, la aplicaci\u00f3n no valida ni restringe adecuadamente el par\u00e1metro role durante el proceso de registro de usuario. Un atacante puede modificar manualmente la carga \u00fatil de la solicitud y asignarse privilegios elevados. Dado que el backend no aplica restricciones de asignaci\u00f3n de roles ni ignora los par\u00e1metros de rol proporcionados por el cliente, el servidor acepta el valor manipulado y crea la cuenta con privilegios SUPER_ADMIN. Esto permite a cualquier atacante no autenticado registrar una cuenta administrativa con todos los privilegios."}], "lastModified": "2026-03-20T16:12:08.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:taskosaur:taskosaur:1.0.0:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "89FEF05F-74B0-41FD-9845-F084FE8D8AC4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}