NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41317

Summary	Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit 52ea2f2d1b587be0807557e96f025f47897d00fd restricts method to POST.
Publication Date	April 24, 2026, 12:16 p.m.
Registration Date	April 25, 2026, 4:07 a.m.
Last Update	April 24, 2026, 11:50 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/frappe/press/commit/52ea2f2d1b587be0807557e96f025f47897d00fd	security-advisories@github.com
2	https://github.com/frappe/press/security/advisories/GHSA-q4wg-jrr8-vpwf	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html