CKAN CVE-2026-41255
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Views can be marked as exempt from CSRF protection
Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection.
The marking was a member variable in flask-wtf.csrf.CSRFProtect(), which was stored as a module level variable in the flask_app middleware. Thsi API was never intended for request level changes, it is primarily a decorator for static configuration.
An unauthenticated request could hit a protected endpoint, exempting it from CSRF protection for the life of the particular server process. (e.g. one worker of uwsgi).
This could be leveraged with XSS to perform actions using other user's credentials.
AnalysisAI
CKAN versions 2.10.0 through 2.10.9 and 2.11.0 through 2.11.4 allow unauthenticated requests to permanently disable CSRF protection on endpoints for the lifetime of the server process by triggering a state mutation in the flask-wtf CSRFProtect middleware. Combined with cross-site scripting, an attacker can exploit this to perform authenticated actions using other users' credentials. The vulnerability affects network-accessible CKAN instances with default configurations and has CVSS 6.1 with user interaction required.
Technical ContextAI
CKAN is a data management and publishing platform built on Flask that uses flask-wtf for CSRF protection. The vulnerability stems from improper use of the CSRFProtect class from flask-wtf, where a member variable tracking CSRF exemption status was stored as a module-level variable in the Flask application middleware rather than being request-scoped. The CSRFProtect decorator API was designed for static, application-startup configuration, not dynamic per-request changes. When an unauthenticated or token-authenticated request accesses a protected endpoint, the exemption flag persists across subsequent requests in the same worker process (relevant for multi-process servers like uWSGI), effectively disabling CSRF validation for all following requests in that process. This violates the principle that CSRF exemptions should be declaratively set at route definition time, not mutated by request handling logic. The root cause is CWE-352 (Cross-Site Request Forgery), compounded by improper state management in a shared middleware object.
RemediationAI
Upgrade CKAN to version 2.10.10 or later if currently on the 2.10.x branch, or to version 2.11.5 or later if on the 2.11.x branch. Upgrade instructions are available at https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29 and https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29 respectively. For organizations unable to patch immediately, implement the following compensating controls: (1) Deploy CKAN using a single-process model or with process isolation such that each worker process handles a limited set of requests before recycling - this limits the duration an exemption flag remains active; (2) restrict network access to CKAN endpoints at the load balancer or firewall level to authenticated IP ranges only, reducing exposure to anonymous request triggering; (3) conduct an urgent security audit for cross-site scripting vulnerabilities in CKAN templates and custom plugins, as XSS is the necessary delivery vector for exploiting the CSRF exemption; (4) implement a Web Application Firewall to detect and block suspicious patterns combining CSRF token reuse with XSS payloads. Note that these controls do not fix the underlying defect and should be considered temporary measures pending patching.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-mcvf-jxcw-vj73