10 matches found
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
EUVD-2026-2421
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498
CVE-2026-23498 affects Shopware Open Commerce Platform versions 6.7.0.0–6.7.6.0, where a regression of CVE-2023-2017 allows an array/array-crafted PHP Closure not checked against the allow list during the map(...) override. The issue is triggered in Twig-rendered views and can lead to code genera...
CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
GHSA-7CW6-7H3H-V8PF Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However there was a regression that lead to an array and array crafted PHP Closure not checked being against allow list for the map... override Patches Patched in 6.7.6.1 Workarounds Install the security...
PT-2026-2949
Name of the Vulnerable Software and Affected Versions Shopware versions 6.7.0.0 through 6.7.6.0 Description A regression of a previously addressed issue allows the execution of unchecked PHP Closures within the map override function. This occurs due to insufficient validation of allowed functions...