CVE-2026-31887 — HIGH (7.5)

Q: How severe is CVE-2026-31887?

CVE-2026-31887 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-31887?

Check the references section above for vendor advisories and patch information. Affected products include: Shopware Shopware.

Vulnerability Description

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Shopware	Shopware	< 6.6.10.15

Related Weaknesses (CWE)

CWE-863

References

https://github.com/shopware/shopware/security/advisories/GHSA-7vvp-j573-5584Vendor Advisory

FAQ

What is CVE-2026-31887?

CVE-2026-31887 is a vulnerability with a CVSS score of 7.5 (HIGH). Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part ...

How severe is CVE-2026-31887?

CVE-2026-31887 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-31887?

Check the references section above for vendor advisories and patch information. Affected products include: Shopware Shopware.