Security Advisory

CVE-2026-33756

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-08 17:07:57

Last updated 2026-04-08 18:42:28

Assigner GitHub_M

State PUBLISHED

Description

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasnt enforcing any upper limit on the number of operations. This allowed an unauthenticated attacker to send a single HTTP request many operations (bypassing the per query complexity limit) to exhaust resources. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.

← Browse all CVEs View on cve.org ↗