CVE-2026-41317

Vulnerability Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit 52ea2f2d1b587be0807557e96f025f47897d00fd restricts method to POST.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

CWE ID

CWE-352

Source

NVD

Vendor

frappe

Product

press

External References

https://github.com/frappe/press/commit/52ea2f2d1b587be0807557e96f025f47897d00fd
https://github.com/frappe/press/security/advisories/GHSA-q4wg-jrr8-vpwf

CVE-2026-41317

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment