CVE-2026-47413

CVE-2026-47413: PraisonAI Platform Unauthorized Workspace Owner Privilege Escalation

Privilege Escalation Persistence Last updated:

Detects exploitation of CVE-2026-47413, a critical privilege escalation vulnerability in praisonai-platform < 0.1.4 where any authenticated workspace member can promote arbitrary users to owner role via POST /workspaces/{id}/members without authorization checks. CVSS 9.6. PoC is publicly available.

Vulnerability Intelligence

Public PoC

Affected Software

Vendor
pip
Product
praisonai-platform
Versions
< 0.1.4

Weakness (CWE)

CWE-269CWE-862

Timeline

Disclosed
June 1, 2026

CVSS

9.6
Critical (9.0–10)
Read the write-up →

What is CVE-2026-47413 CVE-2026-47413: PraisonAI Platform Unauthorized Workspace Owner Privilege Escalation?

CVE-2026-47413: PraisonAI Platform Unauthorized Workspace Owner Privilege Escalation (CVE-2026-47413) maps to the Privilege Escalation and Persistence tactics — the adversary is trying to gain higher-level permissions in MITRE ATT&CK.

This page provides production-ready detection logic for CVE-2026-47413: PraisonAI Platform Unauthorized Workspace Owner Privilege Escalation, covering the data sources and telemetry it touches: AzureDiagnostics, AppServiceHTTPLogs, W3CIISLog. The queries below are rated critical severity at high confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic
Privilege Escalation Persistence
Microsoft Sentinel / Defender
kusto 
union AzureDiagnostics, AppServiceHTTPLogs, W3CIISLog
| where TimeGenerated > ago(24h)
| where RequestUri has "/workspaces/" and RequestUri has "/members"
| where RequestMethod == "POST"
| extend WorkspaceId = extract(@"/workspaces/([^/]+)/members", 1, RequestUri)
| extend RequestBodyStr = tostring(RequestBody)
| where RequestBodyStr has "owner" or RequestBodyStr has "role"
| project TimeGenerated, CallerIpAddress, RequestUri, WorkspaceId, UserAgent, RequestBodyStr, ResultCode
| extend SuspiciousRoleAssignment = iff(ResultCode in (200, 201), true, false)
| where SuspiciousRoleAssignment == true
| summarize AttemptCount = count(), UniqueTargetWorkspaces = dcount(WorkspaceId) by CallerIpAddress, bin(TimeGenerated, 5m)
| where AttemptCount >= 1

Detects POST requests to the /workspaces/{id}/members endpoint that result in successful responses, indicating potential unauthorized owner assignment in PraisonAI Platform.

critical severity high confidence

Data Sources

AzureDiagnostics AppServiceHTTPLogs W3CIISLog

Required Tables

AzureDiagnostics AppServiceHTTPLogs W3CIISLog

False Positives

  • Legitimate workspace administrators adding new owners through the UI
  • Automated provisioning scripts that legitimately manage workspace membership
  • Load testing or integration test environments hitting the members endpoint

Sigma rule & cross-platform mapping

The detection logic for CVE-2026-47413: PraisonAI Platform Unauthorized Workspace Owner Privilege Escalation (CVE-2026-47413) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource: 

logsource:
  product: azure

Browse the community-maintained Sigma rules for this technique:

SigmaHQ rules for CVE-2026-47413 Sigma rules on detection.fyi

Platform-specific guides for CVE-2026-47413

Detect in Microsoft Sentinel (KQL) Detect in Splunk (SPL) Detect in Elastic Security (Elastic) Detect in IBM QRadar (QRadar) Detect in Sumo Logic CSE (Sumo) Detect in Google Chronicle (YARA-L) Detect in CrowdStrike LogScale (LogScale)
Last updated: 2026-06-25 Research depth: standard
References (2)

Testing Methodology

Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Baseline member promotes arbitrary user to owner via POST /workspaces/{id}/members

    Expected signal: HTTP access logs show POST /workspaces/{id}/members with 200 or 201 status code, source IP of non-admin user, and request body containing role: owner

  2. Test 2Mass workspace owner takeover across multiple workspaces

    Expected signal: Multiple POST requests to /workspaces/*/members within a short timeframe from the same source IP, all returning 200/201, with owner role in each request body

  3. Test 3Verify unauthorized owner role assignment via GET /workspaces/{id}/members

    Expected signal: GET request to /workspaces/{id}/members returning 200 with JSON body containing owner role entry for the target user, following the POST exploitation request

Unlock Pro Content

Get the full detection package for CVE-2026-47413 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0004Privilege EscalationTA0003Persistence

Related Techniques

T1078Valid AccountsT1548Abuse Elevation Control MechanismT1098Account Manipulation

Same Tactic: Privilege Escalation

Popular Detections