Skip to main content

Plane CVE-2026-40102

| EUVDEUVD-2026-31199 MEDIUM
Improper Neutralization of Special Elements in Data Query Logic (CWE-943)
2026-05-20 security-advisories@github.com
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
May 20, 2026 - 23:02 EUVD
Source Code Evidence Fetched
May 20, 2026 - 22:37 vuln.today
Analysis Generated
May 20, 2026 - 22:37 vuln.today

DescriptionGitHub Advisory

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike the regular AnalyticsEndpoint, which checks against an allowlist), causing ORM Field Reference Injection. An authenticated workspace MEMBER can send GET /api/workspaces/<slug>/saved-analytic-view/<analytic_id>/ with a crafted segment value that is forwarded into build_graph_plot() and traverses foreign-key relationships (e.g. workspace__owner__password) before being projected via .values("dimension", "segment"), returning the referenced field values directly in the JSON response. This exposes sensitive data such as bcrypt password hashes, API tokens, and related users' email addresses, making it a stronger primitive than the related order_by injection where values are only leaked through ordering. This issue has been fixed in version 1.3.1.

AnalysisAI

ORM Field Reference Injection in Plane versions 1.3.0 and below enables any authenticated workspace MEMBER to exfiltrate sensitive data - including bcrypt password hashes, API tokens, and user email addresses - via a single crafted GET request. The SavedAnalyticEndpoint omits the field allowlist validation present in the regular AnalyticsEndpoint, passing the user-supplied segment parameter directly into Django F() expressions, which then traverse foreign-key relationships and return referenced field values in the JSON response. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the attack is trivially reconstructable from the public GHSA-93x3-ghh7-72j3 advisory and the exfiltrated data directly enables secondary attacks.

Technical ContextAI

Plane is a Python/Django open-source project management platform. Django's F() expression allows ORM queries to reference model fields and traverse relational paths using double-underscore notation (e.g., workspace__owner__password), which the query engine resolves at SQL level against joined tables. The SavedAnalyticEndpoint passes the user-supplied segment query parameter directly into build_graph_plot(), which ultimately calls .values('dimension', 'segment') - projecting the referenced field's raw database value into the HTTP response. The regular AnalyticsEndpoint mitigated this by checking segment against an allowlist, but that guard was absent from SavedAnalyticEndpoint. CWE-943 (Improper Neutralization of Special Elements in Data Query Logic - ORM Injection) describes this root cause precisely: untrusted input influences the structural field selection of an ORM query rather than just its filter parameters, bypassing access-control boundaries at the data layer. The NVD tag 'Nosql Injection' is a misclassification; this is Django relational ORM injection, not a NoSQL database issue.

RemediationAI

Upgrade Plane to version 1.3.1 immediately (https://github.com/makeplane/plane/releases/tag/v1.3.1). The patch centralizes field validation into VALID_ANALYTICS_FIELDS and VALID_YAXIS allowlists and adds defense-in-depth validation in both build_graph_plot() and extract_axis(), ensuring no code path can pass arbitrary field references to Django F() expressions; the missing segment allowlist check in SavedAnalyticEndpoint is explicitly addressed. If an immediate upgrade is not feasible, restrict access to the /api/workspaces/<slug>/saved-analytic-view/ endpoint family at the reverse-proxy or WAF layer - note that this only reduces exposure from external attackers and does not protect against a compromised MEMBER-level account accessing the API from within the network. There is no known configuration toggle to disable saved analytics independently of the broader analytics feature. The trade-off of blocking the endpoint is loss of saved analytics functionality for all workspace members until the patch is applied.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-40102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy