CVE-2026-46558

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1.

Fix

Missing Authorization

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-639

Related Identifiers

CVE-2026-46558

Affected Products

Plane

CVE-2026-46558

Weakness Enumeration

Related Identifiers

Affected Products

References · 3