CVE-2026-48010 | Shopware prior 6.6.10.18/6.7.10.1 User Controller UserController.php upsertUser admin permission

SecurityVulns

A vulnerability was found in Shopware. It has been classified as critical. Affected is the function upsertUser of the file src/Core/Framework/Api/Controller/UserController.php of the component User Controller. The manipulation of the argument admin leads to permission issues.

This vulnerability is referenced as CVE-2026-48010. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More