VDB
KO

PYSEC-2026-696

Information disclosure vulnerability in OnionShare

Details

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / onionshare-cli
Introduced in: 2.3 Fixed in: 2.4
Fix pip install --upgrade 'onionshare-cli>=2.4'

References