Shopware Information Disclosure Vulnerability in License Management

Vulnerability

An information disclosure vulnerability has been identified in Shopware's commercial package. It affects versions from 7.0.0 up to but not including 7.8.1, and versions prior to 6.10.15. The vulnerability arises because the '/api/_info/config' route exposes sensitive information about activated licenses and features. This could lead to unwanted exposure of the system's state.

Impact

Exploitation of this vulnerability could give unauthorized parties access to information about activated licenses and features, potentially revealing the system's state and configuration.

Remediation

Users can upgrade to Shopware version 7.8.1 or 6.10.15 to address this vulnerability.
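
To triage installations against the version ranges above, the following added example (not code from Shopware or from this advisory) reads a composer.lock and classifies the installed commercial package. It assumes the package is installed via Composer under the name shopware/commercial; the sample lock file is constructed.

```python
import json
import re

# Assumption: the commercial package is installed via Composer under this name.
PACKAGE = "shopware/commercial"

# Affected ranges from the advisory, as [low, high) with None = no lower bound.
AFFECTED = [(None, (6, 10, 15)), ((7, 0, 0), (7, 8, 1))]

CLEAN_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'affected', 'not-affected' or 'unknown' for one version string."""
    m = CLEAN_VERSION.match(version.strip())
    if not m:
        # Dev branches, pre-releases and aliases: do not guess, review by hand.
        return "unknown"
    v = tuple(int(part) for part in m.groups())
    for low, high in AFFECTED:
        if (low is None or v >= low) and v < high:
            return "affected"
    return "not-affected"


def check_lock(lock_text, package=PACKAGE):
    """Locate the package in composer.lock content and classify its version."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section) or []:
            if entry.get("name") == package:
                version = entry.get("version", "")
                return version, classify(version)
    return None, "not-installed"


# Constructed sample lock file, not taken from a real installation.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-package", "version": "1.2.3"},
        {"name": "shopware/commercial", "version": "v7.3.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

Versions that are not a plain x.y.z (for example a release candidate or a dev branch) are reported as unknown so they get a manual check instead of a guessed result.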

Added: Mar 12, 2026, 7:25 PM
Updated: Mar 12, 2026, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 0.6
exploitability: 8.3
remediation: 7.7
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.