Vulnerability Details CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.9%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2026-23498
-
cpe:2.3:a:shopware:shopware:6.7.0.0
-
cpe:2.3:a:shopware:shopware:6.7.0.1
-
cpe:2.3:a:shopware:shopware:6.7.1.0
-
cpe:2.3:a:shopware:shopware:6.7.1.1
-
cpe:2.3:a:shopware:shopware:6.7.1.2
-
cpe:2.3:a:shopware:shopware:6.7.2.0
-
cpe:2.3:a:shopware:shopware:6.7.2.1
-
cpe:2.3:a:shopware:shopware:6.7.2.2
-
cpe:2.3:a:shopware:shopware:6.7.3.0
-
cpe:2.3:a:shopware:shopware:6.7.3.1
-
cpe:2.3:a:shopware:shopware:6.7.4.0
-
cpe:2.3:a:shopware:shopware:6.7.4.1
-
cpe:2.3:a:shopware:shopware:6.7.4.2
-
cpe:2.3:a:shopware:shopware:6.7.5.0
-
cpe:2.3:a:shopware:shopware:6.7.5.1
-
cpe:2.3:a:shopware:shopware:6.7.6.0