[HIGH] Shopware Has Improper Control of Generation of Code in Twig rendered views

PKSA-sj7p-kg8p-gg2k CVE-2026-23498 GHSA-7cw6-7h3h-v8pf

Affected version: >=6.7.0.0,<6.7.6.1

Reported by:
GitHub

[MEDIUM] Shopware 6's password recovery link does not expire after email change

PKSA-w3qy-s9h7-2hqr GHSA-2w46-vq8h-98vh

Affected version: >=6.7.0.0,<6.7.4.1|<6.6.10.9

Reported by:
GitHub