CVE-2026-32142

Summary

Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15.

Affected Software

VendorProductVersion RangeStatus
shopwarecommercial>= 7.0.0, < 7.8.1affected
shopwarecommercial< 6.10.15affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References