CVE-2026-48011

LOW NVD

CVSS Score 3.7

Severity LOW

Published Jun 10, 2026

Vendor unknown

Description

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.

References

https://github.com/shopware/shopware/releases/tag/v6.6.10.18
https://github.com/shopware/shopware/releases/tag/v6.7.10.1
https://github.com/shopware/shopware/security/advisories/GHSA-7w52-7jvm-m9vw