top of page
perceptive_background_267k.jpg

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked…

Published:

13 January 2026 at 23:00:00

Alert date:

14 January 2026 at 20:01:57

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

Shopware open commerce platform contains a vulnerability from version 6.7.0.0 to before 6.7.6.1 that represents a regression of CVE-2023-2017. The vulnerability involves crafted PHP Closures not being properly checked against an allow list for the map() override function. This security flaw allows potential code execution through improper validation of PHP closures. The issue has been addressed in version 6.7.6.1 with proper fixes implemented.

Technical details

Mitigation steps:

Affected products:

Shopware

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-23498
https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475
https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page