Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-31874. PoCs published by G3XAR.
AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2026-31874, an improper role assignment vulnerability in Taskosaur. It explains how an attacker can manipulate the role parameter during user registration to gain SUPER_ADMIN privileges, including step-by-step PoC instructions and visual evidence.
Description
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.
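The flaw described above next to its server-side fix, as an added example that is not Taskosaur's code. Only `role` and `SUPER_ADMIN` come from the advisory; the function names, the `email` and `name` fields, the in-memory store and the `MEMBER` default role are assumptions, and credential handling is left out.

```javascript
// Added illustration, not Taskosaur source. Everything except `role` and
// `SUPER_ADMIN` is a hypothetical name chosen for this example.
const DEFAULT_ROLE = 'MEMBER';                 // assumed lowest-privilege role
const REGISTRATION_FIELDS = ['email', 'name']; // allowlist of client-settable fields

// Vulnerable pattern: the request body is spread into the user record,
// so a client-supplied `role` overrides the default and is stored as-is.
function registerVulnerable(body, store) {
  const user = { role: DEFAULT_ROLE, ...body };
  store.push(user);
  return user;
}

// Hardened pattern: copy only allowlisted fields, assign the role on the
// server, and record any extra field the client sent so it can be alerted on.
function registerHardened(body, store, audit = []) {
  const user = {};
  for (const field of REGISTRATION_FIELDS) {
    if (typeof body[field] !== 'string' || body[field].length === 0) {
      throw new Error(`missing or invalid field: ${field}`);
    }
    user[field] = body[field];
  }
  const rejected = Object.keys(body).filter(
    (key) => !REGISTRATION_FIELDS.includes(key)
  );
  if (rejected.length > 0) {
    audit.push({ event: 'registration_extra_fields', email: user.email, rejected });
  }
  user.role = DEFAULT_ROLE; // never derived from the request
  store.push(user);
  return user;
}

// Constructed sample request body carrying the extra `role` field.
const sampleBody = { email: 'a@example.test', name: 'A', role: 'SUPER_ADMIN' };
```

The audit entry doubles as a detection signal: a registration request that carries `role` at all is worth alerting on, whether or not the server honours it.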
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H