CSRF Exposure in CKAN Data Management System by CKAN
CVE-2026-41255
6.1 MEDIUM
What is CVE-2026-41255?
CKAN, a popular open-source data management system, has a vulnerability in which specific endpoints can be accessed without proper CSRF protection. The issue arises from improper handling of unauthenticated requests, which lets them bypass the security measures intended to protect sensitive data. It affects versions prior to 2.10.10 and 2.11.5, where the missing CSRF guard could lead to unauthorized interaction with protected endpoints. Users are encouraged to upgrade to a fixed version (2.10.10 or 2.11.5) to mitigate the risk.
Affected Version(s)
ckan >= 2.11.0, < 2.11.5
ckan < 2.10.10
