PYSEC-2026-696

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/onionshare-cli/PYSEC-2026-696.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-696
Aliases
Published
2026-07-02T14:13:13.896919Z
Modified
2026-07-06T08:00:49.185608625Z
Summary
Information disclosure vulnerability in OnionShare
Details

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

References

Affected packages

PyPI / onionshare-cli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3
Fixed
2.4

Affected versions

2.*
2.3
2.3.1
2.3.2
2.3.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/onionshare-cli/PYSEC-2026-696.yaml"