CVE-2026-23498

High CVSS: 7.2

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.

Vendor

Shopware

Product

Shopware

CWE

CWE-94

Yayın Tarihi

2026-01-14 19:16:48

Güncelleme

2026-01-28 17:17:16

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Shopware HIGH Shopware 2026

Referanslar

https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475 https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf

Benzer Kayıtlar

High

CVE-2026-31889

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration…

Medium

CVE-2026-31888

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/acc…

High

CVE-2026-31887

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for una…

High

CVE-2025-67648

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XS…

Medium

CVE-2025-7954

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attack…

Medium

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/d…