How severe is CVE-2026-23498?

CVE-2026-23498 has a CVSS v3 score of 7.2 (HIGH).

CVE-2026-23498

7.2HIGH

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(..

Veröffentlicht: 1/14/2026Aktualisiert: 1/14/2026

Beschreibung

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.

KI-AnalyseKI-gestützt

Referenzen

https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475
https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf