What is CVE-2026-31889?

CVE-2026-31889 is a high-severity vulnerability in Shopware Core, classified under Authentication Bypass by Spoofing. CVSS score: 8.9/10. Published 2026-03-11.

How severe is CVE-2026-31889?

High severity. CVSS v3 base score is 8.9 out of 10.

Vulnerability in Shopware Core

CVE-2026-31889

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and a…

EPSS: 0.001 (26.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.9 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L.

Affected products

Shopware Core — versions >= 6.7.0.0, < 6.7.8.1, < 6.6.10.15
Shopware Platform — versions >= 6.7.0.0, < 6.7.8.1, < 6.6.10.15

Weakness classification (CWE)

CWE-290 — Authentication Bypass by Spoofing

References

https://github.com/shopware/shopware/security/advisories/GHSA-c4p7-rwrg-pf6p (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-31889?: CVE-2026-31889 is a high-severity vulnerability in Shopware Core, classified under Authentication Bypass by Spoofing. CVSS score: 8.9/10. Published 2026-03-11.
How severe is CVE-2026-31889?: High severity. CVSS v3 base score is 8.9 out of 10.