Shopware Information Disclosure Vulnerability in Security Plugin

Vulnerability

A vulnerability in the Shopware security plugin allows for information disclosure by exposing active security fixes through the `/api/_info/config` route. This could lead to an unwanted exposure of the system's state. The vulnerability affects Shopware versions from 4.0.0 up to but not including 4.0.7, from 3.0.0 up to but not including 3.0.12, and versions prior to 2.0.16.

Impact

The vulnerability could result in unauthorized information disclosure, revealing details about active security fixes and potentially the system's state.

Remediation

Users can upgrade to Shopware versions 4.0.7, 3.0.12, or 2.0.16 to address this vulnerability.
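
The following is an added example, not code from Shopware or from this advisory: a small triage helper that checks a version string against the affected ranges listed above and names the fixed release to upgrade to. The host names and versions in the sample inventory are constructed, and treating a pre-release of a fixed version as still affected is an assumption made to stay conservative.

```python
import re

# Affected ranges from the advisory above: (first affected, first fixed).
# The 2.x entry has no lower bound on the page ("versions prior to 2.0.16").
AFFECTED_RANGES = [
    ((0, 0, 0), (2, 0, 16)),
    ((3, 0, 0), (3, 0, 12)),
    ((4, 0, 0), (4, 0, 7)),
]

# MAJOR.MINOR.PATCH with optional leading "v", pre-release tag and build metadata.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups()[:3]), m.group(4) is not None


def assess(version_text):
    """Return ('affected', fixed_version) or ('not affected', None)."""
    version, prerelease = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Assumption: a pre-release of the fixed version (e.g. 4.0.7-rc1)
        # is not trusted to contain the fix.
        below_fix = version < first_fixed or (version == first_fixed and prerelease)
        if first_affected <= version and below_fix:
            return "affected", ".".join(map(str, first_fixed))
    return "not affected", None


if __name__ == "__main__":
    # Constructed sample inventory: host name -> installed version.
    inventory = {
        "shop-a.example": "4.0.6",
        "shop-b.example": "3.0.12",
        "shop-c.example": "2.0.3",
        "shop-d.example": "v4.0.7-rc1",
    }
    for host, installed in sorted(inventory.items()):
        status, fixed = assess(installed)
        hint = f" (upgrade to {fixed})" if fixed else ""
        print(f"{host}: {installed} -> {status}{hint}")
```
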

Added: Mar 12, 2026, 6:22 PM
Updated: Mar 12, 2026, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 0.6
exploitability: 7.2
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.