shopware/core Security Advisories for v6.6.10.10 (3)
-
[HIGH] Shopware vulnerable to a potential take over of app credentials
PKSA-fyfg-936j-xtjc CVE-2026-31889 GHSA-c4p7-rwrg-pf6p
Affected version: <6.6.10.15|>=6.7.0.0,<6.7.8.1
Reported by:
GitHub -
[MEDIUM] Shopware has user enumeration via distinct error codes on Store API login endpoint
PKSA-cck7-yytv-pqc6 CVE-2026-31888 GHSA-gqc5-xv7m-gcjq
Affected version: <6.6.10.15|>=6.7.0.0,<6.7.8.1
Reported by:
GitHub -
[HIGH] Shopware: Unauthenticated data extraction possible through store-api.order endpoint
PKSA-1d39-xhww-sgwf CVE-2026-31887 GHSA-7vvp-j573-5584
Affected version: <6.6.10.15|>=6.7.0.0,<6.7.8.1
Reported by:
GitHub