CVE-2026-48016 | Shopware prior 6.6.10.18/6.7.10.1 Store API Endpoint HandlePaymentMethodRoute.php orderId improper authentication
A vulnerability was found in Shopware. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php of the component Store API Endpoint. This manipulation of the argument orderId causes improper authentication.
This vulnerability is tracked as CVE-2026-48016. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More