VDB
KO
HIGH 8.8

PYSEC-2026-648

Kallithea Routes CSRF Bypass

Details

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / kallithea
Introduced in: 0 Fixed in: 0.3.2
Fix pip install --upgrade 'kallithea>=0.3.2'

References