What is the CVSS score of CVE-2026-27705?

CVE-2026-27705 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Plane are affected by CVE-2026-27705?

Organizations using Plane should be aware of notable risk from CVE-2026-27705, a IDOR vulnerability rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Plane CVE-2026-27705

MEDIUM

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-02-25 security-advisories@github.com

Authentication Bypass Plane

6.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch released

Feb 27, 2026 - 17:37 nvd

Patch available

CVE Published

Feb 25, 2026 - 17:25 nvd

MEDIUM 6.5

DescriptionGitHub Advisory

Plane is an an open-source project management tool. Prior to version 1.2.2, the ProjectAssetEndpoint.patch() method in apps/api/plane/app/views/asset/v2.py (lines 579-593) performs a global asset lookup using only the asset ID (pk) via FileAsset.objects.get(id=pk), without verifying that the asset belongs to the workspace and project specified in the URL path. This allows any authenticated user (including those with the GUEST role) to modify the attributes and is_uploaded status of assets belonging to any workspace or project in the entire Plane instance by guessing or enumerating asset UUIDs. Version 1.2.2 fixes the issue.

AnalysisAI

Plane prior to version 1.2.2 allows authenticated users to modify project assets across any workspace by directly referencing asset IDs, as the asset lookup fails to verify workspace and project ownership. An attacker with guest-level credentials can enumerate asset UUIDs and alter asset attributes and upload status without authorization. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 6.5 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation	A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-10850 MEDIUM This Month

6.9 Jun 17

Stored cross-site scripting in Plane CE 1.3.1 allows an authenticated low-privileged project member to inject arbitrary

CVE-2026-27705 vulnerability details – vuln.today

Back

Plane CVE-2026-27705

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code