What is CVE-2026-31874?

CVE-2026-31874 is a critical-severity vulnerability in Taskosaur, classified under Improper Access Control. CVSS score: 9.8/10. Published 2026-03-11.

How severe is CVE-2026-31874?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Taskosaur

CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker…

EPSS: 0.002 (47.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Taskosaur — versions 1.0.0

Weakness classification (CWE)

References

https://github.com/Taskosaur/Taskosaur/security/advisories/GHSA-r6gj-4663-p5mr (x_refsource_CONFIRM)
https://github.com/Taskosaur/Taskosaur/commit/159a5a8f43761561100a57d34309830550028932 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-31874?: CVE-2026-31874 is a critical-severity vulnerability in Taskosaur, classified under Improper Access Control. CVSS score: 9.8/10. Published 2026-03-11.
How severe is CVE-2026-31874?: Critical severity. CVSS v3 base score is 9.8 out of 10.