Home > Vulnerability Database > CVE-2026-23498

Mend.io Vulnerability Database

CVE-2026-23498

Good to know:

Date: January 14, 2026

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.

Severity Score

7.2

Related Resources (6)

Url: https://github.com/advisories/GHSA-7v2v-9rm4-7m8f

Url: https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475

Url: https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-23498

Url: https://github.com/shopware/shopware

Url: https://www.mend.io/vulnerability-database/CVE-2026-23498

Severity Score

7.2

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version https://github.com/shopware/shopware.git - v6.7.6.1

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-23498

Good to know:

Date: January 14, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?