CVE-2026-23498: Shopware 6: Mapping Your Way to RCE via Twig Type Juggling
Shopware 6: Mapping Your Way to RCE via Twig Type Juggling
Vulnerability ID: CVE-2026-23498
CVSS Score: 9.8
Published: 2026-01-14
A critical logic flaw in Shopware 6's Twig SecurityExtension allows attackers to bypass the function allowlist. By lev...
cvereports.hashnode.dev2 min read