CVE-2026-32100

Summary

Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7.

Affected Software

VendorProductVersion RangeStatus
swagplatform-security>= 4.0.0, < 4.0.7affected
swagplatform-security>= 3.0.0 < 3.0.12affected
swagplatform-security< 2.0.16affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References