top of page
perceptive_background_267k.jpg

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not checked…

Published:

13 januari 2026 om 23:00:00

Alert date:

14 januari 2026 om 20:01:57

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

Shopware open commerce platform contains a vulnerability from version 6.7.0.0 to before 6.7.6.1 that represents a regression of CVE-2023-2017. The vulnerability involves crafted PHP Closures not being properly checked against an allow list for the map() override function. This security flaw allows potential code execution through improper validation of PHP closures. The issue has been addressed in version 6.7.6.1 with proper fixes implemented.

Technical details

Mitigation steps:

Affected products:

Shopware

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-23498
https://github.com/shopware/shopware/commit/3966b05590e29432b8485ba47b4fcd14dd0b8475
https://github.com/shopware/shopware/security/advisories/GHSA-7cw6-7h3h-v8pf

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page