CVE-2026-47413 Google Chronicle · YARA-L

Detect CVE-2026-47413: PraisonAI Platform Unauthorized Workspace Owner Privilege Escalation in Google Chronicle

Detects exploitation of CVE-2026-47413, a critical privilege escalation vulnerability in praisonai-platform < 0.1.4 where any authenticated workspace member can promote arbitrary users to owner role via POST /workspaces/{id}/members without authorization checks. CVSS 9.6. PoC is publicly available.

MITRE ATT&CK

Tactic
Privilege Escalation Persistence

YARA-L Detection Query

Google Chronicle (YARA-L)
yaral 
rule cve_2026_47413_praisonai_owner_escalation {
  meta:
    author = "df00tech Detection Platform"
    description = "Detects CVE-2026-47413 exploitation: unauthorized owner assignment in PraisonAI Platform"
    severity = "CRITICAL"
    priority = "HIGH"
    reference = "https://github.com/advisories/GHSA-8g2p-pqm3-fcfh"

  events:
    $http.metadata.event_type = "NETWORK_HTTP"
    $http.network.http.method = "POST"
    re.regex($http.network.http.request_url, `/workspaces/[^/]+/members`)
    $http.network.http.response_code in (200, 201)
    (
      re.regex($http.network.http.request_body, `"role"\s*:\s*"owner"`) or
      re.regex($http.network.http.request_body, `"role"\s*:\s*"admin"`)
    )
    $http.principal.ip = $src_ip

  condition:
    $http
}
critical severity high confidence

Chronicle YARA-L rule to detect successful POST requests assigning owner roles via the PraisonAI workspace members API endpoint.

Data Sources

Chronicle HTTP LogsWeb Proxy LogsApplication Logs ingested to Chronicle

Required Tables

NETWORK_HTTP

False Positives & Tuning

  • Legitimate administrative operations assigning owner roles through PraisonAI APIs
  • Platform provisioning scripts executed by authorized personnel
  • Multi-tenant management tools that programmatically configure workspace access

Other platforms for CVE-2026-47413

Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security (Elastic) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1Baseline member promotes arbitrary user to owner via POST /workspaces/{id}/members

    Expected signal: HTTP access logs show POST /workspaces/{id}/members with 200 or 201 status code, source IP of non-admin user, and request body containing role: owner

  2. Test 2Mass workspace owner takeover across multiple workspaces

    Expected signal: Multiple POST requests to /workspaces/*/members within a short timeframe from the same source IP, all returning 200/201, with owner role in each request body

  3. Test 3Verify unauthorized owner role assignment via GET /workspaces/{id}/members

    Expected signal: GET request to /workspaces/{id}/members returning 200 with JSON body containing owner role entry for the target user, following the POST exploitation request

Last updated: 2026-06-25 Research depth: standard
References (2)

Unlock Pro Content

Get the full detection package for CVE-2026-47413 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0004Privilege EscalationTA0003Persistence

Related Techniques

T1078Valid AccountsT1548Abuse Elevation Control MechanismT1098Account Manipulation

Same Tactic: Privilege Escalation

Popular Detections