PT-2026-2949 · Shopware · Shopware

Lukasz-Rybak · Published 2026-01-14 · Updated 2026-01-28 · CVE-2026-23498

CVSS v3.1

7.2 High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Shopware versions 6.7.0.0 through 6.7.6.0

Description

The software contains a flaw due to a regression of a previous fix, allowing the execution of unchecked PHP Closures within the map() override function. This could potentially lead to remote code execution. The issue stems from an insufficient allow list check for PHP Closures used in the map() function.

Recommendations

Update to version 6.7.6.1 or later. Install the security plugin.

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-23498
GHSA-7CW6-7H3H-V8PF

Affected Products

Shopware