CVE-2026-23499
CVE-2026-23499 affects Saleor prior to fixes: versions 3.20.108, 3.21.43, and 3.22.27 contain a file-upload vulnerability allowing authenticated staff or Apps to upload arbitrary HTML/SVG files. If media is served from the same domain as the dashboard and Content-Disposition: attachment header is...