How severe is CVE-2026-23498?

CVE-2026-23498 has a CVSS v3 score of 7.2 (HIGH).

CVE-2026-23498

7.2HIGH

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(..

Publicado: 1/14/2026Atualizado: 1/14/2026

Descrição

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.

Análise IADesenvolvido por IA

Referências

https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475
https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf