Shopware CVE-2026-32142
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15.
AnalysisAI
Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. [CVSS 5.3 MEDIUM]
Technical ContextAI
Classified as CWE-200 (Information Exposure). Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15.
Affected ProductsAI
Fixed in: 7
RemediationAI
Fixed in version 7.8.1. Restrict network access to the affected service where possible.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today