CVE Catalog

CVE-2026-48011

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile — higher than 8% of all known CVEs

Summary

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack.

Risk Assessment

The ability to disclose administrator usernames increases the risk of unauthorized access to the system. Attackers may use this information to carry out further attacks.

Recommendation

It is recommended to upgrade to versions 6.6.10.18 or 6.7.10.1 to mitigate this vulnerability.

Original NVD description (English source)

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS