CVE-2026-31887

EPSS 0.24%
Veröffentlicht 11.03.2026 18:49:46
Zuletzt bearbeitet 16.03.2026 20:39:53
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Shopware unauthenticated data extraction possible through store-api.order endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shopware ≫ Shopware Version < 6.6.10.15

Shopware ≫ Shopware Version >= 6.7.0.0 < 6.7.8.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	8.9	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-31887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31887

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31887