CVE-2026-31887

High CVSS: 8.9

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

Vendor

Shopware

Product

Shopware

CWE

CWE-863

Yayın Tarihi

2026-03-11 19:16:04

Güncelleme

2026-03-16 20:39:53

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Shopware HIGH Shopware 2026

Referanslar

https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584

Benzer Kayıtlar

High

CVE-2026-31889

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration…

Medium

CVE-2026-31888

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/acc…

High

CVE-2026-23498

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array a…

High

CVE-2025-67648

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XS…

Medium

CVE-2025-7954

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attack…

Medium

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/d…