Vulnerability Details CVE-2026-46558
Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.4%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2026-46558
-
cpe:2.3:a:plane:plane:-
-
cpe:2.3:a:plane:plane:0.1
-
cpe:2.3:a:plane:plane:0.2
-
cpe:2.3:a:plane:plane:0.2.1
-
cpe:2.3:a:plane:plane:0.23.0
-
cpe:2.3:a:plane:plane:0.23.1
-
cpe:2.3:a:plane:plane:0.24.0
-
cpe:2.3:a:plane:plane:0.24.1
-
cpe:2.3:a:plane:plane:0.25.0
-
cpe:2.3:a:plane:plane:0.25.1
-
cpe:2.3:a:plane:plane:0.25.2
-
cpe:2.3:a:plane:plane:0.25.3
-
cpe:2.3:a:plane:plane:0.26.0
-
cpe:2.3:a:plane:plane:0.26.1
-
cpe:2.3:a:plane:plane:0.27.0
-
cpe:2.3:a:plane:plane:0.27.1
-
cpe:2.3:a:plane:plane:0.28.0
-
cpe:2.3:a:plane:plane:0.3
-
cpe:2.3:a:plane:plane:0.3.1
-
cpe:2.3:a:plane:plane:0.4
-
cpe:2.3:a:plane:plane:0.5
-
cpe:2.3:a:plane:plane:0.6
-
cpe:2.3:a:plane:plane:0.7
-
cpe:2.3:a:plane:plane:0.7.1
-
cpe:2.3:a:plane:plane:0.8
-
cpe:2.3:a:plane:plane:0.9
-
cpe:2.3:a:plane:plane:1.0.0
-
cpe:2.3:a:plane:plane:1.1.0
-
cpe:2.3:a:plane:plane:1.2.0
-
cpe:2.3:a:plane:plane:1.2.1