Taskosaur 1.0.0: Unrestricted Access to Admin Roles

CVE-2026-31874
Summary

Taskosaur 1.0.0 does not validate or restrict the role parameter during user registration, so an attacker can create an admin account without authorization. Anyone who registers such a privileged account gains full control over the platform. To fix this, update to a newer version of Taskosaur that addresses this issue.

Original title
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during ...
Original description
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.
NVD CVSS 3.1: 9.8
Vulnerability type
CWE-284 Improper Access Control
CWE-639 Authorization Bypass Through User-Controlled Key
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026
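
The description above attributes the flaw to the backend accepting a client-supplied role at registration. The following added example (not Taskosaur's code; the handler names, field names and the `MEMBER` default role are assumptions) contrasts that pattern with a handler that allowlists fields and assigns the role server-side:

```javascript
// Added example. All names here (registerVulnerable, registerHardened,
// DEFAULT_ROLE, the field names) are hypothetical, not Taskosaur's code.
// Password hashing is not shown here.

const DEFAULT_ROLE = "MEMBER"; // assumed lowest-privilege role
const REGISTRATION_FIELDS = ["email", "password", "firstName", "lastName"];

// Pattern described in the advisory: the request body is persisted as-is,
// so a client-supplied "role" overrides the default.
function registerVulnerable(body, users) {
  const user = { role: DEFAULT_ROLE, ...body };
  users.push(user);
  return user;
}

// Hardened: reject unexpected keys, copy only allowlisted fields,
// and assign the role on the server.
function registerHardened(body, users) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new TypeError("registration body must be a JSON object");
  }
  const unexpected = Object.keys(body).filter(
    (key) => !REGISTRATION_FIELDS.includes(key)
  );
  if (unexpected.length > 0) {
    // Rejecting instead of silently dropping makes tampering visible in logs.
    const err = new Error("unexpected fields: " + unexpected.join(", "));
    err.status = 400;
    throw err;
  }
  const user = {};
  for (const field of REGISTRATION_FIELDS) {
    if (typeof body[field] !== "string" || body[field].length === 0) {
      const err = new Error("missing or invalid field: " + field);
      err.status = 400;
      throw err;
    }
    user[field] = body[field];
  }
  user.role = DEFAULT_ROLE; // never taken from the request
  users.push(user);
  return user;
}
```

Role changes then belong on a separate endpoint that checks the caller's own privileges before applying them.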