CVE-2026-24136

{"id": "CVE-2026-24136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-24T00:15:49.167", "references": [{"url": "https://github.com/saleor/saleor/commit/5dab1857fbb2801f74e2bfe86f307e4590d9d2fa", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/saleor/saleor/commit/718ce1b4fc3aef68eeac1aea0cf1d70a614ba6af", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/saleor/saleor/commit/9bcd4f9000b189297eeb3ac88cc28c6c30229153", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/saleor/saleor/commit/aeaced8acb5e01055eddec584263f77e517d5944", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/saleor/saleor/security/advisories/GHSA-r6fj-f4r9-36gr", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor 3.2.0 could have PIIs exfiltrated. The issue has been patched in Saleor versions: 3.22.29, 3.21.45, and 3.20.110. To workaround, temporarily block non-staff users from fetching order information (the order() GraphQL query) using a WAF."}, {"lang": "es", "value": "Saleor es una plataforma de comercio electr\u00f3nico. Las versiones 3.2.0 a 3.20.109, 3.21.0-a.0 a 3.21.44 y 3.22.0-a.0 a 3.22.28 tienen una vulnerabilidad de Referencia Directa Insegura a Objeto (IDOR) que permite a actores no autenticados extraer informaci\u00f3n sensible en texto plano. Los pedidos creados antes de Saleor 3.2.0 podr\u00edan haber tenido PIIs exfiltrados. El problema ha sido parcheado en las versiones de Saleor: 3.22.29, 3.21.45 y 3.20.110. Como soluci\u00f3n alternativa, bloquee temporalmente a los usuarios que no son personal de obtener informaci\u00f3n de pedidos (la consulta GraphQL order()) usando un WAF."}], "lastModified": "2026-02-12T16:15:00.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D519693-9F38-49CC-A2AA-7A707AE921C4", "versionEndExcluding": "3.20.110", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD9EA08A-C411-4D72-B4DB-27FAC65202A6", "versionEndExcluding": "3.21.45", "versionStartIncluding": "3.21.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72EB08B2-3E6B-40B7-AFE2-783A7FDDFAA3", "versionEndExcluding": "3.22.29", "versionStartIncluding": "3.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}