Shopware API Discloses Sensitive License Information to Attackers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Shopware API Discloses Sensitive License Information to Attackers

CVE-2026-32142

Summary

Shopware's API reveals sensitive license details, potentially exposing your business's intellectual property. This allows unauthorized access to information that could be used to exploit your business. Update to Shopware 7.8.1 or 6.10.15 to fix this issue.

Original title

Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15.

Original description

Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15.

nvd CVSS3.1 5.3

Vulnerability type

CWE-200 Information Exposure

https://github.com/shopware/shopware/security/advisories/GHSA-gvmv-9f74-mhwp

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026