PT-2025-36939 · Saleor · Saleor

Nyankiyoshi · Published 2025-09-09 · Updated 2025-09-09 · CVE-2025-58442

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Saleor versions 3.21.0 through 3.21.15
Description: Saleor is an e-commerce platform. Requesting certain fields in the response of the accountRegister GraphQL mutation may reveal whether a user with the supplied email address already exists in the system, i.e. an unauthenticated caller can enumerate registered accounts one address at a time. This could expose user account information. As a workaround, rate-limiting the mutation is recommended to reduce the impact.
Recommendations: Update to version 3.21.16 or later. Until then, rate-limit the accountRegister mutation.
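The following is an added illustration and is not Saleor's code: a hypothetical registration handler in the leaky shape the advisory describes (response differs for an existing email) next to a hardened handler that answers identically for new and existing addresses, plus a per-client sliding-window limiter of the kind the workaround calls for. Response field names, error codes, the sample user set and the client keys are all assumptions chosen for the example.

```python
"""Hypothetical account-registration handler (not Saleor's resolver).

Shows the user-enumeration pattern the advisory describes, a uniform-response
fix, and the rate-limiting workaround. Field names, error codes and sample
data are assumptions for this example only.
"""
import time
from collections import defaultdict, deque
from typing import Optional

# Constructed sample data (assumption): one pre-existing account.
SAMPLE_USERS = {"alice@example.com"}


def register_leaky(email: str, users: set) -> dict:
    """Vulnerable pattern: the response shape differs depending on whether the
    e-mail is already registered, so an unauthenticated caller learns whether
    an account exists simply by reading the errors field."""
    key = email.strip().lower()
    if key in users:
        return {"user": None, "requiresConfirmation": None,
                "errors": [{"field": "email", "code": "UNIQUE"}]}
    users.add(key)
    return {"user": {"email": key}, "requiresConfirmation": True, "errors": []}


def register_uniform(email: str, users: set, outbox: list) -> dict:
    """Hardened pattern: the API response is identical for new and existing
    e-mails. The only difference is which message is queued to the mailbox
    owner, which an attacker without access to that mailbox cannot observe."""
    key = email.strip().lower()
    if key in users:
        outbox.append((key, "account_exists_notice"))
    else:
        users.add(key)
        outbox.append((key, "confirm_registration"))
    return {"user": None, "requiresConfirmation": True, "errors": []}


class SlidingWindowLimiter:
    """Per-key sliding-window limiter, the workaround the advisory recommends
    for the mutation. Keeps a deque of request timestamps per client key."""

    def __init__(self, limit: int, window_seconds: float):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        q = self._hits[key]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def guarded_register(client_key: str, email: str, users: set, outbox: list,
                     limiter: SlidingWindowLimiter,
                     now: Optional[float] = None) -> dict:
    """Entry point combining both mitigations: throttle per client key (for
    example the source IP), then answer with the uniform response."""
    if not limiter.allow(client_key, now):
        return {"user": None, "requiresConfirmation": None,
                "errors": [{"field": None, "code": "RATE_LIMITED"}]}
    return register_uniform(email, users, outbox)


if __name__ == "__main__":
    users = set(SAMPLE_USERS)
    print("leaky, existing:", register_leaky("alice@example.com", users))
    print("leaky, new:     ", register_leaky("bob@example.com", users))
    users, outbox = set(SAMPLE_USERS), []
    print("uniform, existing:", register_uniform("alice@example.com", users, outbox))
    print("uniform, new:     ", register_uniform("bob@example.com", users, outbox))
```

Rate limiting only raises the cost of enumeration; the uniform response is what removes the oracle, which is why the advisory's lasting recommendation is the version upgrade rather than the throttle.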

Related Identifiers

CVE-2025-58442
GHSA-8W67-MFM5-FWX5

Affected Products

Saleor