SVG File Upload Vulnerability in Shopware Open Commerce Platform
CVE-2026-48015
4.9MEDIUM
What is CVE-2026-48015?
Shopware is an open commerce platform that, prior to versions 6.6.10.18 and 6.7.10.1, allowed the upload of SVG files without proper content sanitization. This vulnerability allows malicious JavaScript embedded within SVG files to execute in the Shopware domain, potentially compromising the security of the website when such files are viewed. The issue has been addressed in the specified updates, reinforcing the importance of securing file uploads within web applications.
Affected Version(s)
platform < 6.6.10.18 < 6.6.10.18
platform >= 6.7.0.0, < 6.7.10.1 < 6.7.0.0, 6.7.10.1
shopware < 6.6.10.18 < 6.6.10.18
