Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
"https://github.com/pypa/advisory-database/blob/main/vulns/kallithea/PYSEC-2026-648.yaml"