{"id":"PYSEC-2026-915","summary":"Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions","details":"### Impact\nSome internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests.\n\nAffected versions: Saleor ≥ 2.0.0\n\n### Workarounds\nNone\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a discussion at https://github.com/saleor/saleor/discussions\n* Email us at [hello@saleor.io](mailto:hello@saleor.io)\n\n","aliases":["CVE-2023-26052","GHSA-3hvj-3cg9-v242"],"modified":"2026-07-07T11:45:50.377277886Z","published":"2026-07-07T10:17:28.017621Z","references":[{"type":"WEB","url":"https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26052"},{"type":"PACKAGE","url":"https://github.com/saleor/saleor"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.1.48"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.10.14"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.11.12"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.7.59"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.8.30"},{"type":"WEB","url":"https://github.com/saleor/saleor/releases/tag/3.9.27"},{"type":"PACKAGE","url":"https://pypi.org/project/saleor"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-3hvj-3cg9-v242"}],"affected":[{"package":{"name":"saleor","ecosystem":"PyPI","purl":"pkg:pypi/saleor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.0.0"},{"fixed":"3.1.48"},{"introduced":"3.7.0"},{"fixed":"3.7.59"},{"introduced":"3.8.0"},{"fixed":"3.8.30"},{"introduced":"3.9.0"},{"fixed":"3.9.27"},{"introduced":"3.10.0"},{"fixed":"3.10.14"},{"introduced":"3.11.0"},{"fixed":"3.11.12"}]}],"versions":["2.10.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/saleor/PYSEC-2026-915.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}