CVE-2026-48011

Published Jun 10, 2026

Last updated 3 days ago

CVSS low 3.7

Overview

Description
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.
Source
security-advisories@github.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.7
Impact score
1.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

security-advisories@github.com
CWE-208

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.