CVE-2026-31887 | THREATINT

Description

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

PUBLISHED Reserved 2026-03-09 | Published 2026-03-11 | Updated 2026-03-12 | Assigner GitHub_M

HIGH: 8.9CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-863: Incorrect Authorization

Product status

>= 6.7.0.0, < 6.7.8.1

affected

< 6.6.10.15

affected

>= 6.7.0.0, < 6.7.8.1

affected

< 6.6.10.15

affected

References

github.com/...opware/security/advisories/GHSA-7vvp-j573-5584

cve.org (CVE-2026-31887)

nvd.nist.gov (CVE-2026-31887)

Download JSON

help @ threatint.eu