216.73.217.64

CVE-2026-23498

· Published 14/01/2026 19:16 · Modified 14/01/2026 19:16

Labels: CVE-2026-23498 2026-01-14CVE-2026-23498CWE-94[email protected]

Essential information

Published
14/01/2026 19:16
Modified
14/01/2026 19:16
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked being against allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
shopware / shopware cpe:2.3:a:shopware:shopware:6.7.0.0-6.7.6.0:*:*:*:*:*:*:*
shopware / shopware cpe:2.3:a:shopware:shopware:<6.7.6.1:*:*:*:*:*:*:*

References