CVE-2026-41255 | CKAN up to 2.10.9/2.11.4 Protected Endpoint flask-wtf.csrf.CSRFProtect member cross-site request forgery (GHSA-mcvf-jxcw-vj73)

A vulnerability was found in CKAN up to 2.10.9/2.11.4. It has been declared as problematic. This issue affects the function flask-wtf.csrf.CSRFProtect of the component Protected Endpoint. Executing a manipulation of the argument member can lead to cross-site request forgery.

This vulnerability is handled as CVE-2026-41255. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More