5 matches found
CVE-2026-31888
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...
GHSA-GQC5-XV7M-GCJQ Shopware has user enumeration via distinct error codes on Store API login endpoint
Summary The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...
CVE-2026-31888
Shopware’s Store API login (POST /store-api/account/login) before versions 6.7.8.1 and 6.6.10.15 exposes a user enumeration flaw: it returns different error codes for a registered email vs. an unknown email and echoes the probed address, while the storefront login unifies errors. This inconsisten...
CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...
CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...