PT-2026-31391 · Saleor · Saleor
Published
2026-04-08
·
Updated
2026-04-08
·
CVE-2026-35401
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Saleor versions 2.0.0 through 3.22.47, 3.21.54, and 3.20.118
Description
A malicious actor can include numerous GraphQL mutations or queries within a single API call by utilizing aliases or chaining multiple mutations. This can lead to resource exhaustion.
Recommendations
Update to version 3.23.0a3 or later. Update to version 3.22.47 or later. Update to version 3.21.54 or later. Update to version 3.20.118 or later.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Saleor