CVE-2026-27705 Overview
CVE-2026-27705 is an Insecure Direct Object Reference (IDOR) vulnerability affecting Plane, an open-source project management tool. The vulnerability exists in the ProjectAssetEndpoint.patch() method located in apps/api/plane/app/views/asset/v2.py (lines 579–593). This method performs a global asset lookup using only the asset ID (pk) via FileAsset.objects.get(id=pk), without verifying that the asset belongs to the workspace and project specified in the URL path. This flaw allows any authenticated user, including those with the lowest-privilege GUEST role, to modify the attributes and is_uploaded status of assets belonging to any workspace or project in the entire Plane instance by guessing or enumerating asset UUIDs.
Critical Impact
Any authenticated user can modify assets across all workspaces and projects by enumerating asset UUIDs, potentially leading to unauthorized data manipulation and integrity violations across the entire Plane instance.
Affected Products
- Plane versions prior to 1.2.2
- Plane open-source project management instances with multi-tenant configurations
- Self-hosted Plane deployments running vulnerable versions
Discovery Timeline
- 2026-02-25 - CVE CVE-2026-27705 published to NVD
- 2026-02-25 - Last updated in NVD database
Technical Details for CVE-2026-27705
Vulnerability Analysis
The vulnerability stems from a missing authorization check in the asset patching functionality. When a user sends a PATCH request to modify an asset, the application retrieves the asset using only the primary key (pk) parameter from the URL, completely ignoring the workspace slug and project ID that are also part of the request path. This design flaw means the application does not enforce tenant isolation or project-level access controls when processing asset modification requests.
The vulnerable code path accepts requests from users with ADMIN, MEMBER, or GUEST roles through the @allow_permission decorator, but the actual database query bypasses the authorization context entirely. An attacker can exploit this by capturing a legitimate asset modification request and substituting the asset UUID with one belonging to a different workspace or project.
Root Cause
The root cause is a classic Insecure Direct Object Reference (CWE-639) vulnerability where the application fails to validate that the requested resource belongs to the authorization context established by the URL path parameters. The FileAsset.objects.get(id=pk) query trusts the user-supplied pk value without confirming ownership or access rights based on the workspace and project context.
Attack Vector
This vulnerability is exploitable over the network by any authenticated user. The attack requires low complexity as the attacker only needs valid authentication credentials (even as a GUEST user) and the ability to enumerate or guess asset UUIDs. The attack can be executed by:
- Authenticating to the Plane instance with any role (including GUEST)
- Intercepting a legitimate asset PATCH request to understand the request format
- Enumerating or guessing asset UUIDs (UUIDs may be leaked through other API responses or predictable patterns)
- Sending modified PATCH requests with target asset UUIDs to manipulate assets across different workspaces
Vulnerable Code and Fix (Diff):
@allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
def patch(self, request, slug, project_id, pk):
# get the asset id
- asset = FileAsset.objects.get(id=pk)
+ asset = FileAsset.objects.get(id=pk, workspace__slug=slug, project_id=project_id)
# get the storage metadata
asset.is_uploaded = True
# get the storage metadata
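Review bot: the scoped `FileAsset.objects.get(id=pk, workspace__slug=slug, project_id=project_id)` on the `+` line closes the lookup hole, but when the asset exists outside the caller's workspace or project it now raises `FileAsset.DoesNotExist` instead of returning; unless an outer handler maps that exception to 404, the caller gets a 500 and an unhandled-exception log entry. The deletion hunk below uses `.filter(...).first()` with an explicit `HTTP_404_NOT_FOUND`; the same shape here would keep the two endpoints consistent and give one uniform "not found" for both missing and out-of-scope ids. Minor: the context comment `# get the storage metadata` appears twice in a row around `asset.is_uploaded = True`.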
Source: GitHub Commit Update
Additional Fix for Attachment Deletion Endpoint:
@allow_permission([ROLE.ADMIN], creator=True, model=FileAsset)
def delete(self, request, slug, project_id, issue_id, pk):
- issue_attachment = FileAsset.objects.get(pk=pk)
+ issue_attachment = FileAsset.objects.filter(
+ pk=pk, workspace__slug=slug, project_id=project_id, issue_id=issue_id
+ ).first()
+ if not issue_attachment:
+ return Response(status=status.HTTP_404_NOT_FOUND)
issue_attachment.asset.delete(save=False)
issue_attachment.delete()
issue_activity.delay(
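Review bot: collapsing a missing and an out-of-scope attachment into the same `HTTP_404_NOT_FOUND` is the right choice, since a distinguishable response would still let a caller confirm that a guessed pk exists in another tenant. One thing to confirm: `@allow_permission([ROLE.ADMIN], creator=True, model=FileAsset)` on the line above presumably resolves the FileAsset by `pk` for its creator check before this scoped query runs; if that lookup is not also scoped by workspace and project, the decorator and the view would be evaluating two different objects' ownership.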
Source: GitHub Commit Update
Detection Methods for CVE-2026-27705
Indicators of Compromise
- Unusual PATCH requests to /api/v2/workspaces/{slug}/projects/{project_id}/assets/{pk} endpoints where the asset UUID doesn't match expected project assets
- API access logs showing users accessing assets from workspaces or projects they are not members of
- Anomalous patterns of asset UUID enumeration attempts in web server access logs
- Unexpected modifications to asset attributes or is_uploaded status without corresponding user activity in the application
Detection Strategies
- Implement API request logging that correlates user permissions with accessed resources to identify cross-tenant access attempts
- Monitor for sequential or patterned UUID access that may indicate enumeration attacks
- Deploy web application firewall (WAF) rules to detect and alert on suspicious asset endpoint access patterns
- Review audit logs for asset modifications by users who lack project membership
Monitoring Recommendations
- Enable detailed API access logging for all asset-related endpoints
- Set up alerting for failed authorization attempts or 404 responses that may indicate exploitation attempts
- Implement behavioral analytics to detect users accessing assets outside their normal workspace scope
- Regularly audit asset modification histories against expected user permissions
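As a defender-side illustration of the indicators and detection strategies above (added here; not code from the advisory or from Plane), the following script scores constructed access-log lines for the two IDOR signals and for asset-id probing. The membership and asset-ownership tables, the log format and the `/api/v2/workspaces/{slug}/projects/{project_id}/assets/{pk}` path shape are assumptions; a real deployment would feed these from Plane's database and its proxy logs.

```python
import re
from collections import defaultdict
# Constructed reference data (stand-ins for Plane's membership and asset tables).
MEMBERSHIP = {"alice": {("acme", "p1")}, "bob": {("globex", "p9")}}
ASSET_OWNER = {"asset-1": ("acme", "p1"), "asset-2": ("acme", "p1"), "asset-7": ("globex", "p9")}
# Constructed access-log lines (user, method, path, status). The path shape is the
# endpoint named in the advisory; a real deployment's log format will differ.
SAMPLE_LOG = """\
alice PATCH /api/v2/workspaces/acme/projects/p1/assets/asset-1 200
bob PATCH /api/v2/workspaces/globex/projects/p9/assets/asset-7 200
bob PATCH /api/v2/workspaces/globex/projects/p9/assets/asset-1 200
bob PATCH /api/v2/workspaces/acme/projects/p1/assets/asset-2 200
bob PATCH /api/v2/workspaces/globex/projects/p9/assets/asset-3 404
bob PATCH /api/v2/workspaces/globex/projects/p9/assets/asset-4 404
bob PATCH /api/v2/workspaces/globex/projects/p9/assets/asset-5 404
"""
LINE_RE = re.compile(
    r"^(?P<user>\S+) (?P<method>\S+) /api/v2/workspaces/(?P<slug>[^/]+)"
    r"/projects/(?P<project>[^/]+)/assets/(?P<pk>[^/\s]+) (?P<status>\d{3})$"
)
def parse_log(text):
    """Yield one dict per asset-endpoint request; non-matching lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def find_idor_signals(text):
    """Flag PATCHes from non-members of the path scope, and PATCHes whose asset
    belongs to a different workspace/project than the path claims (the IDOR)."""
    findings = []
    for ev in parse_log(text):
        if ev["method"] != "PATCH":
            continue
        scope = (ev["slug"], ev["project"])
        if scope not in MEMBERSHIP.get(ev["user"], set()):
            findings.append((ev["user"], "cross-tenant-path", ev["pk"]))
        owner = ASSET_OWNER.get(ev["pk"])
        if owner is not None and owner != scope:
            findings.append((ev["user"], "asset-outside-path-scope", ev["pk"]))
    return findings

def enumeration_suspects(text, threshold=3):
    """Users who probed at least `threshold` distinct unknown or 404'd asset ids."""
    probes = defaultdict(set)
    for ev in parse_log(text):
        if ev["status"] == "404" or ev["pk"] not in ASSET_OWNER:
            probes[ev["user"]].add(ev["pk"])
    return sorted(u for u, ids in probes.items() if len(ids) >= threshold)
```

On the sample, the "asset-outside-path-scope" hit is the one the vulnerable `get(id=pk)` lookup lets succeed with a 200, so it is the signal worth alerting on retroactively after upgrading.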
How to Mitigate CVE-2026-27705
Immediate Actions Required
- Upgrade Plane to version 1.2.2 or later immediately
- Review audit logs for any unauthorized asset modifications that may have occurred prior to patching
- Consider temporarily restricting GUEST role permissions until the patch is applied
- Audit all assets for unexpected modifications to attributes or is_uploaded fields
Patch Information
The vulnerability is fixed in Plane version 1.2.2. The patch modifies the asset lookup query to include workspace and project validation, ensuring that users can only access assets within their authorized scope. The fix adds workspace__slug=slug and project_id=project_id parameters to the database query, enforcing proper tenant isolation.
For detailed patch information, refer to the GitHub Security Advisory GHSA-rfj3-8c85-g46j and the GitHub Release v1.2.2.
Workarounds
- If immediate patching is not possible, implement network-level access controls to restrict API access to trusted users only
- Apply custom middleware to validate workspace and project ownership before processing asset requests
- Temporarily disable or restrict the GUEST role across all workspaces until the patch can be applied
- Consider deploying a reverse proxy or WAF rule to validate that asset UUIDs in requests correspond to the specified workspace and project
# Upgrade Plane to patched version
# For Docker deployments:
docker pull makeplane/plane:v1.2.2
docker-compose down
docker-compose up -d
# For self-hosted deployments, pull the latest release:
git fetch --tags
git checkout v1.2.2
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

