Shopware Exposes Sensitive Security Fix Information

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Shopware Exposes Sensitive Security Fix Information

CVE-2026-32100

Summary

The Shopware platform accidentally shares information about security fixes, which could be exploited by attackers. This information could be used to plan and prepare for attacks. Update to a fixed version, such as 2.0.16, 3.0.12, or 4.0.7, to resolve the issue.

Original title

Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7.

Original description

Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7.

nvd CVSS3.1 5.3

Vulnerability type

CWE-200 Information Exposure

https://github.com/shopware/shopware/security/advisories/GHSA-64rg-pgjv-4v33

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026