What is CVE-2026-41317?

CVE-2026-41317 is a high-severity vulnerability in Frappe Press, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2026-04-24.

How severe is CVE-2026-41317?

High severity. CVSS v3 base score is 7.5 out of 10.

CSRF in Frappe Press

CVE-2026-41317

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database a…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Frappe Press — versions < 52ea2f2d1b587be0807557e96f025f47897d00fd

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

https://github.com/frappe/press/security/advisories/GHSA-q4wg-jrr8-vpwf (x_refsource_CONFIRM, Vendor Advisory)
https://github.com/frappe/press/commit/52ea2f2d1b587be0807557e96f025f47897d00fd (Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2026-41317?: CVE-2026-41317 is a high-severity vulnerability in Frappe Press, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2026-04-24.
How severe is CVE-2026-41317?: High severity. CVSS v3 base score is 7.5 out of 10.