PT-2026-34841 · Frappe · Press

T3L3Sc0P3 · Published 2026-04-24 · Updated 2026-04-30 · CVE-2026-41317

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Press (affected versions not specified)

Description: Press, a Frappe custom app used for managing infrastructure, subscriptions, marketplace, and software-as-a-service (SaaS), contains a flaw in the 'press.api.account.create_api_secret' endpoint. This endpoint performs database writes and is accessible via the GET method, making it susceptible to Cross-Site Request Forgery (CSRF) style exploits, where an attacker could trick a user into performing unintended actions.

Recommendations: Restrict the 'press.api.account.create_api_secret' endpoint to only allow POST requests.
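
To check a Frappe app for other endpoints with the same exposure, the following added example (not code from Press or from this advisory) parses a module with Python's ast and lists every function decorated with frappe.whitelist that does not restrict itself with methods=, since such endpoints answer GET as well as POST. The sample module is constructed, and the names rotate_key and get_plans are hypothetical.

```python
import ast

# Constructed sample modelled on a Frappe API module (not Press source; names hypothetical).
SAMPLE = '''
import frappe

@frappe.whitelist()
def create_api_secret(): ...

@frappe.whitelist(methods=["POST"])
def rotate_key(): ...

@frappe.whitelist(allow_guest=True, methods=["GET", "POST"])
def get_plans(): ...
'''

def _is_whitelist(node):
    # Match `frappe.whitelist` or a bare imported `whitelist`.
    return (isinstance(node, ast.Attribute) and node.attr == "whitelist") or \
           (isinstance(node, ast.Name) and node.id == "whitelist")

def declared_methods(call):
    """Return the literal `methods=` set, or None if absent or not a literal."""
    for kw in call.keywords:
        if kw.arg == "methods":
            try:
                val = ast.literal_eval(kw.value)
                return {val.upper()} if isinstance(val, str) else {str(m).upper() for m in val}
            except (ValueError, TypeError):
                return None  # computed value: cannot prove a restriction, so flag it
    return None

def get_reachable(source):
    """List (name, line) of whitelisted functions that still answer GET."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for dec in fn.decorator_list:
            call = dec if isinstance(dec, ast.Call) else None
            if not _is_whitelist(call.func if call else dec):
                continue
            methods = declared_methods(call) if call else None
            if methods is None or "GET" in methods:
                findings.append((fn.name, fn.lineno))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for name, line in get_reachable(SAMPLE):
        print(f"line {line}: {name} is reachable via GET")
```

The scan cannot tell whether a flagged function writes to the database, so each hit needs a manual look: read-only endpoints such as the hypothetical get_plans can stay on GET, while anything that creates or changes state should be limited to POST.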

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-41317

Affected Products

Press