A vulnerability was found in CKAN up to 2.10.9/2.11.4 . It has been declared as problematic . This issue affects the function flask-wtf.csrf.CSRFProtect of the component Protected Endpoint . Executing a manipulation of the argument member can lead to cross-site request forgery. This vulnerability is handled as CVE-2026-41255 . The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.