Timing Attack Vulnerability in Shopware Open Commerce Platform
CVE-2026-48011
3.7LOW
What is CVE-2026-48011?
An exploit in the Shopware Open Commerce Platform allows attackers to perform timing attacks to enumerate the usernames of administrator users. This vulnerability affects versions prior to 6.6.10.18 and 6.7.10.1. The releases address this issue, reinforcing the security of user credentials and safeguarding against unauthorized access.
Affected Version(s)
shopware >= 6.7.0.0, < 6.7.10.1 < 6.7.0.0, 6.7.10.1
shopware < 6.6.10.18 < 6.6.10.18
