CVE-2026-31874 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 11, 2026
Taskosaur - Broken Access Control
Overview
Taskosaur 1.0.0 contains a broken access control vulnerability caused by improper validation of the role parameter during user registration. Unauthenticated attackers can create accounts with SUPER_ADMIN privileges; exploitation requires no authentication.
Severity & Score
Impact
Unauthenticated attackers can create fully privileged administrative accounts, leading to complete system compromise.
Mitigation
Update to the latest version with proper role validation and enforcement.
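As an added illustration of "proper role validation and enforcement" (this is not Taskosaur's code): a registration handler that trusts the body next to one that assigns the role on the server, plus a log check for registrations that carried a role key. The handler shapes, field names, the MEMBER default role, the /api/auth/register route and the log format are assumptions made for the example.

```javascript
// Added example. Handler shapes, field names, MEMBER role and the route are assumptions.
const DEFAULT_ROLE = "MEMBER";
const ALLOWED_FIELDS = ["email", "name", "password"];

// Vulnerable pattern: the body is merged into the record, so a client "role" wins.
function registerVulnerable(body) {
  return { role: DEFAULT_ROLE, ...body };
}

// Hardened pattern: reject unknown keys and set the role on the server only.
function registerHardened(body) {
  const unexpected = Object.keys(body).filter((k) => !ALLOWED_FIELDS.includes(k));
  if (unexpected.length > 0) {
    return { status: 400, error: "unexpected fields: " + unexpected.join(", ") };
  }
  // Password hashing and storage are omitted here.
  return { status: 201, user: { email: body.email, name: body.name, role: DEFAULT_ROLE } };
}

// Detection: registration requests whose JSON body carries any "role" key.
function flagRoleInRegistration(logLines, registerPath = "/api/auth/register") {
  const hits = [];
  for (const line of logLines) {
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // skip non-JSON lines
    if (!entry || entry.method !== "POST" || entry.path !== registerPath || !entry.body) continue;
    const key = Object.keys(entry.body).find((k) => k.toLowerCase() === "role");
    if (key) hits.push({ ip: entry.ip, role: entry.body[key], status: entry.status });
  }
  return hits;
}

// Constructed sample access log (JSON lines); documentation IP ranges only.
const SAMPLE_LOG = [
  '{"ip":"198.51.100.7","method":"POST","path":"/api/auth/register","status":201,"body":{"email":"a@example.com","name":"A"}}',
  '{"ip":"203.0.113.9","method":"POST","path":"/api/auth/register","status":201,"body":{"email":"b@example.com","name":"B","role":"SUPER_ADMIN"}}',
  'not json',
  '{"ip":"203.0.113.9","method":"POST","path":"/api/auth/login","status":200,"body":{"email":"b@example.com"}}',
];

console.log(flagRoleInRegistration(SAMPLE_LOG));
```

A hit with a 2xx status on a 1.0.0 instance is a reason to audit the account list for unexpected SUPER_ADMIN users.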
References
Social Media Activity (2 posts)
CVE-2026-31874 - Critical (9.8) Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man... https://www.thehackerwire.com/vulnerability/CVE-2026-31874/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-31874
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_access_control
- Status: new
- EPSS: 9.0%
- Social Posts: 2
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H