[CVE-2026-23498] Shopware vulnerability

January 15, 2026 00:00:51
The Daily Cyberspace Information

Show Notes

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.
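The gap described in the show notes, as an added sketch that is not taken from the episode or from Shopware's code: an allow-list check that only compares string callables, beside one that reduces array and Closure forms to a name before checking. The function names, the `ALLOWED` list and the sample inputs are hypothetical, treating anonymous closures as template arrow functions is an assumption, and `isAnonymous()` needs PHP 8.2 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical allow list for this sketch; not Shopware's configuration.
const ALLOWED = ['strtoupper', 'trim'];

// Weak form: only string callables are compared with the allow list,
// so arrays and Closure objects pass through unchecked.
function allowedStringOnly(mixed $fn): bool
{
    return !is_string($fn) || in_array($fn, ALLOWED, true);
}

// Strict form: reduce every callable shape to a name, then check that name.
function allowedStrict(mixed $fn): bool
{
    if ($fn instanceof Closure) {
        $ref = new ReflectionFunction($fn);
        if ($ref->isAnonymous()) {
            return true; // assumption: arrow functions compiled from templates
        }
        // Closure built from a named function or method: recover its name.
        $class = $ref->getClosureScopeClass();
        $fn = ($class ? $class->getName() . '::' : '') . $ref->getName();
    } elseif (is_array($fn) && count($fn) === 2) {
        [$target, $method] = array_values($fn);
        if (!is_string($method) || !(is_string($target) || is_object($target))) {
            return false;
        }
        $fn = (is_object($target) ? get_class($target) : $target) . '::' . $method;
    }
    return is_string($fn) && in_array($fn, ALLOWED, true);
}

// Constructed inputs: functions outside the allow list in three shapes,
// plus two inputs that should be accepted.
$cases = [
    'string'   => 'strrev',
    'array'    => ['DateTime', 'createFromFormat'],
    'closure'  => Closure::fromCallable('strrev'),
    'arrow fn' => fn ($x) => $x,
    'allowed'  => 'strtoupper',
];
foreach ($cases as $label => $fn) {
    printf("%-8s weak=%s strict=%s\n", $label,
        var_export(allowedStringOnly($fn), true), var_export(allowedStrict($fn), true));
}
```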


Episode Transcript

CVE-2026-23498

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1.

Impact

We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However, there was a regression that led to an array and array crafted PHP Closure not being checked against the allow list for the map(...) override.
