Vulnerabilities ›

CVE-2026-41317

High

CWE-352 — Weakness Type

                    Published: Apr 24, 2026                      ·  Modified: Apr 30, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit 52ea2f2d1b587be0807557e96f025f47897d00fd restricts method to POST.

🤖 AI Executive Summary

CVE-2026-41317 is a CSRF vulnerability in Frappe Press affecting the API secret creation endpoint, which accepts GET requests despite performing database writes. This allows attackers to trigger unintended API secret creation through crafted requests, potentially compromising authentication mechanisms in SaaS environments. The vulnerability affects all Frappe Press versions until patched, with high severity due to direct impact on API security and account compromise risks.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 03:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations using Frappe Press for SaaS delivery, particularly in fintech, e-commerce, and enterprise software sectors, face significant risk. Financial institutions and payment processors using Frappe-based platforms are at highest risk of API credential compromise. Government agencies and healthcare providers utilizing Frappe Cloud for data management could experience unauthorized access to sensitive systems. Telecom and energy sector digital platforms built on Frappe infrastructure are vulnerable to account takeover and data exfiltration.

🏢 Affected Saudi Sectors

Financial Services and Banking E-commerce and Retail Government and Public Administration Healthcare and Medical Services Telecommunications Energy and Utilities Enterprise Software and SaaS Providers

🎯 MITRE ATT&CK Techniques

T1548 — Abuse Elevation Control Mechanism T1110 — Brute Force T1187 — Forced Authentication T1539 — Steal Web Session Cookie T1556 — Modify Authentication Process T1199 — Trusted Relationship

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE: Identify all Frappe Press instances in your environment and verify current version

2. Apply the security patch from commit 52ea2f2d1b587be0807557e96f025f47897d00fd immediately

3. Upgrade to the latest patched version of Frappe Press

4. COMPENSATING CONTROLS (if immediate patching not possible):

   - Implement WAF rules to block GET requests to /api/account/create_api_secret endpoint

   - Enforce CSRF tokens on all state-changing operations

   - Implement SameSite cookie attributes (Strict)

5. DETECTION: Monitor access logs for GET requests to create_api_secret endpoint; alert on any successful responses

6. REMEDIATION: Audit all API secrets created in the past 90 days; revoke suspicious credentials

7. Review and rotate all API keys and secrets post-patch

8. Implement request method validation at application and WAF levels

🔧 خطوات المعالجة (العربية)

1. فوري: حدد جميع مثيلات Frappe Press في بيئتك والتحقق من الإصدار الحالي

2. طبق رقعة الأمان من commit 52ea2f2d1b587be0807557e96f025f47897d00fd فوراً

3. قم بالترقية إلى أحدث إصدار مصحح من Frappe Press

4. الضوابط التعويضية (إذا لم يكن الإصلاح الفوري ممكناً):

   - طبق قواعد WAF لحظر طلبات GET إلى نقطة نهاية /api/account/create_api_secret

   - فرض رموز CSRF على جميع العمليات التي تغير الحالة

   - طبق سمات ملفات تعريف الارتباط SameSite (صارم)

5. الكشف: راقب سجلات الوصول لطلبات GET إلى نقطة نهاية create_api_secret؛ تنبيه على أي استجابات ناجحة

6. الإصلاح: تدقيق جميع أسرار API التي تم إنشاؤها في آخر 90 يوماً؛ إلغاء بيانات الاعتماد المريبة

7. مراجعة وتدوير جميع مفاتيح API والأسرار بعد الإصلاح

8. طبق التحقق من طريقة الطلب على مستويات التطبيق و WAF

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 - 5.1.1: Access Control and Authentication ECC 2024 - 5.2.2: API Security and Secure Communication ECC 2024 - 6.1.1: Vulnerability Management ECC 2024 - 7.1.2: Security Testing and Code Review

🔵 SAMA CSF

SAMA CSF - ID.AM-2: Software and Hardware Assets SAMA CSF - PR.AC-1: Access Control Policy SAMA CSF - PR.AC-3: Access Enforcement SAMA CSF - DE.CM-1: Network Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 - A.5.15: Access Control ISO 27001:2022 - A.8.22: Cryptography ISO 27001:2022 - A.14.2: Development Security ISO 27001:2022 - A.12.6: Management of Technical Vulnerabilities

🟣 PCI DSS v4.0.1

PCI DSS 4.0 - 6.2.4: Security Testing PCI DSS 4.0 - 7.1: Limit Access to System Components PCI DSS 4.0 - 8.2: User Identification and Authentication

🔗 References & Sources 2

🔗

https://github.com/frappe/press/commit/52ea2f2d1b587be0807557e96f025f47897d00fd

security-advisories@github.com

Patch

🔗

https://github.com/frappe/press/security/advisories/GHSA-q4wg-jrr8-vpwf

security-advisories@github.com

Vendor Advisory

📦 Affected Products / CPE 1 entries

frappe:press

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-352

EPSS0.03%

Exploit No

Patch ✓ Yes

Published 2026-04-24

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-352

🏢 Vendor Advisories

🔗 https://github.com/frappe/press/security/advisories/...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-41317

💬 Comments

Introduce Yourself

Sign In Required