PT-2026-25031 · Swag · Platform-Security
Amenk
·
Published
2026-03-12
·
Updated
2026-03-12
·
CVE-2026-32100
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Shopware versions prior to 2.0.16
Shopware versions prior to 3.0.12
Shopware versions prior to 4.0.7
Description
The
/api/ info/config API endpoint exposes information about active security fixes. This allows potential attackers to gain insights into the security posture of the Shopware platform.Recommendations
Update to Shopware version 2.0.16 or later.
Update to Shopware version 3.0.12 or later.
Update to Shopware version 4.0.7 or later.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Platform-Security