PT-2026-24782 · Taskosaur
G3Xar · Published 2026-03-11 · Updated 2026-03-12 · CVE-2026-31874
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Taskosaur version 1.0.0
Description: Taskosaur is an open source project management platform with conversational AI for task execution within the application. The application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload to assign themselves elevated privileges. The backend neither enforces role assignment restrictions nor ignores client-supplied role parameters, so the server accepts the manipulated value and creates an account with SUPER ADMIN privileges. This enables any unauthenticated attacker to register a fully privileged administrative account. The vulnerable parameter is role.
Recommendations: Versions prior to 1.0.0 are not affected. For version 1.0.0, properly validate and restrict the role parameter during the user registration process to prevent unauthorized privilege escalation.
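The check the recommendation calls for, shown as an added example beside the flawed pattern the advisory describes (this is illustrative code, not Taskosaur's; field names, role names and the audit event name are assumptions):

```javascript
// Added example (not Taskosaur's code): a registration handler that honours a
// client-supplied role, beside a hardened one. Names below are assumptions.
const DEFAULT_ROLE = "MEMBER";

// Vulnerable pattern: the request body is trusted, so a `role` field sent by
// the client ends up on the new account.
function registerVulnerable(body) {
  return { email: body.email, role: body.role ?? DEFAULT_ROLE };
}

// Hardened pattern: copy only allow-listed fields and assign the role on the
// server. Whatever the client sends for `role` cannot reach the user record.
const REGISTRATION_FIELDS = ["email", "password", "displayName"];

function registerHardened(body, audit = []) {
  const user = {};
  for (const key of REGISTRATION_FIELDS) {
    if (body[key] !== undefined) user[key] = body[key]; // a real handler hashes password
  }
  user.role = DEFAULT_ROLE; // set server-side, regardless of input

  // Fields outside the allow-list (notably `role`) are dropped and recorded:
  // a registration request carrying `role` is a useful detection signal.
  const unexpected = Object.keys(body).filter((k) => !REGISTRATION_FIELDS.includes(k));
  if (unexpected.length > 0) {
    audit.push({ event: "registration.unexpected_fields", email: body.email, fields: unexpected });
  }
  return user;
}

// Constructed sample payload of the kind described in the advisory.
const CONSTRUCTED_PAYLOAD = { email: "user@example.com", password: "s3cret", role: "SUPER_ADMIN" };

// Runs both handlers over the constructed payload and returns the outcome.
function demo() {
  const audit = [];
  return {
    vulnerableRole: registerVulnerable(CONSTRUCTED_PAYLOAD).role, // "SUPER_ADMIN"
    hardenedRole: registerHardened(CONSTRUCTED_PAYLOAD, audit).role, // "MEMBER"
    audit,
  };
}

module.exports = { registerVulnerable, registerHardened, demo, CONSTRUCTED_PAYLOAD, DEFAULT_ROLE };
```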

Exploit · Fix
IDOR · Improper Access Control


Weakness Enumeration

Related Identifiers

CVE-2026-31874
GHSA-R6GJ-4663-P5MR

Affected Products

Taskosaur