Skip to main content

Shopware CVE-2026-31887

Incorrect Authorization (CWE-863)
2026-03-11 security-advisories@github.com GHSA-7vvp-j573-5584

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:07 vuln.today
CVE Published
Mar 11, 2026 - 19:16 nvd
N/A

DescriptionCVE.org

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

AnalysisAI

Shopware is an open commerce platform. versions up to 6.7.8.1 is affected by incorrect authorization.

Technical ContextAI

This vulnerability (CWE-863: Incorrect Authorization) affects Shopware is an open commerce platform.. Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

Affected ProductsAI

Product: Shopware is an open commerce platform.. Versions: up to 6.7.8.1.

RemediationAI

Fixed in version 6.7.8.1.

Share

CVE-2026-31887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy