PatchSiren cyber security CVE debrief
CVE-2026-46558 makeplane CVE debrief
CVE-2026-46558 is a high-severity vulnerability in Plane, an open-source project management tool. Prior to version 1.3.1, a cross-workspace asset authorization bypass allows any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1.
- Vendor
- makeplane
- Product
- plane
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Users of Plane, an open-source project management tool, should be aware of this vulnerability if they are using a version prior to 1.3.1.
Technical summary
The vulnerability has a CVSS score of 8.3 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L. The weaknesses associated with this vulnerability are CWE-639 and CWE-862.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Plane version 1.3.1 or later to patch the vulnerability.
- Review and restrict access to sensitive assets in Plane workspaces.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information and mitigation steps are available at [ref-4] and [ref-5].
Official resources
-
CVE-2026-46558 CVE record
CVE.org
-
CVE-2026-46558 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Vendor Advisory
CVE-2026-46558 was published on 2026-06-10T16:17:09.260Z and modified on 2026-06-12T00:49:47.167Z.