Saleor — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in Saleor, with AI-generated Chinese analysis, references, and POCs.

Vendor: Saleor

CVE ID	Title	CVSS	Severity	Published
CVE-2026-39851	Saleor has a user enumeration vulnerability due to different error messages CWE-204	5.3^AI	Medium^AI	2026-04-08
CVE-2026-35407	Saleor has Cross-Account Email Change via Unbound Confirmation Token CWE-285	5.3^AI	Medium^AI	2026-04-08
CVE-2026-35401	Saleor has a resource exhaustion vulnerability in GraphQL queries CWE-770	7.5	High	2026-04-08
CVE-2026-33756	Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching CWE-770	7.5	High	2026-04-08
CVE-2026-24136	Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API CWE-639	7.5	-	2026-01-23
CVE-2026-23499	Saleor vulnerable to stored XSS via Unrestricted File Upload CWE-79	6.5^AI	Medium^AI	2026-01-21
CVE-2026-22849	Saleor lacks proper HTML sanitization in rich text fields CWE-83	5.4^AI	Medium^AI	2026-01-21
CVE-2025-58442	Saleor has user enumeration vulnerability due to different error messages CWE-204	5.3	Medium	2025-09-09
CVE-2024-31205	Saleor CSRF bypass in refreshToken mutation CWE-352	4.2	Medium	2024-04-08
CVE-2024-29888	Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method CWE-359	4.2	Medium	2024-03-27
CVE-2023-32694	Non-constant time HMAC comparison in Adyen plugin in Saleor CWE-203	4.8	Medium	2023-05-25
CVE-2023-26052	Saleor is vulnerable to unauthenticated information disclosure via Python exceptions CWE-209	3.7	Low	2023-03-02
CVE-2023-26051	Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions CWE-209	6.5	Medium	2023-03-02
CVE-2022-39275	Improper object type validation in saleor CWE-863	5.3	Medium	2022-10-06
CVE-2019-1010304	Mirumee Saleor 访问控制错误漏洞	5.3	-	2019-07-15

All 15 known CVE vulnerabilities affecting Saleor with full Chinese analysis, references, and POCs where available.