CVE-2026-48011
3.7 LOW · Shopware is an open commerce platform
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 3.7 LOW
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-208
Description
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-48859 — Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enum...
- CVE-2026-5419 — A flaw was found in gnutls (3.7 LOW)
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)
- CVE-2026-5091 — Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks
- CVE-2026-44061 — Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authen... (5.9 MEDIUM)