Shopware CVE-2026-31887
Lifecycle Timeline
3DescriptionCVE.org
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
AnalysisAI
Shopware is an open commerce platform. versions up to 6.7.8.1 is affected by incorrect authorization.
Technical ContextAI
This vulnerability (CWE-863: Incorrect Authorization) affects Shopware is an open commerce platform.. Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.
Affected ProductsAI
Product: Shopware is an open commerce platform.. Versions: up to 6.7.8.1.
RemediationAI
Fixed in version 6.7.8.1.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-7vvp-j573-5584