Timing Attack Vulnerability in Shopware Open Commerce Platform
CVE-2026-48011

3.7LOW

Key Information:

Vendor

Shopware

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-48011?

An exploit in the Shopware Open Commerce Platform allows attackers to perform timing attacks to enumerate the usernames of administrator users. This vulnerability affects versions prior to 6.6.10.18 and 6.7.10.1. The releases address this issue, reinforcing the security of user credentials and safeguarding against unauthorized access.

Affected Version(s)

shopware >= 6.7.0.0, < 6.7.10.1 < 6.7.0.0, 6.7.10.1

shopware < 6.6.10.18 < 6.6.10.18

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.