CVE-2026-31887

2026-03-11 [email protected] GHSA-7vvp-j573-5584

Lifecycle Timeline

3
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:07 vuln.today
CVE Published
Mar 11, 2026 - 19:16 nvd
N/A

Tags

Authentication Bypass

Description

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

Analysis

Shopware is an open commerce platform. versions up to 6.7.8.1 is affected by incorrect authorization.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2026-31887 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy