CVE-2026-41255 | CKAN up to 2.10.9/2.11.4 Protected Endpoint flask-wtf.csrf.CSRFProtect member cross-site request forgery (GHSA-mcvf-jxcw-vj73)

Inserito da Angelo Barbosa | Mag 14, 2026 | CVE

A vulnerability was found in CKAN up to 2.10.9/2.11.4. It has been declared as problematic. This issue affects the function flask-wtf.csrf.CSRFProtect of the component Protected Endpoint. Executing a manipulation of the argument member can lead to cross-site request forgery.

This vulnerability is handled as CVE-2026-41255. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-41255 | CKAN up to 2.10.9/2.11.4 Protected Endpoint flask-wtf.csrf.CSRFProtect member cross-site request forgery (GHSA-mcvf-jxcw-vj73)

Post correlati

CVE-2023-4280 | Silabs Gecko SDK up to 4.3.x TrustZone out-of-bounds write

CVE-2024-27339 | Kofax Power PDF PDF File Parser out-of-bounds write

CVE-2025-6669 | gooaclok819 sublinkX up to 1.8 middlewares/jwt.go hard-coded key (Issue 69)

CVE-2024-22167 | SanDisk PrivateAccess App up to 6.4.9 on Windows uncontrolled search path