HIGH
coreshop
CVE published 2026-06-04
CVE-2026-41249
CVE-2026-41249 is a high-severity vulnerability in CoreShop, a Pimcore enhanced eCommerce solution. The vulnerability allows for Remote Code Execution (RCE) via a malicious Pull Request. CoreShop versions 5.0.1 through 5.1.0-beta.1 are affected. The GitHub Actions workflow (.github/workflows/static.yml) uses the pull_request_target trigger but dangerously checks out the unverified code from the pull reque [truncated]
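The pattern described above (a pull_request_target workflow that checks out the pull request's own commit) can be looked for in any repository's workflow files. The following is an added example, not CoreShop's workflow or project code: the RISKY workflow text is constructed, the function and constant names are hypothetical, and the check is a line-based heuristic rather than a full YAML parse.

```python
import re

COMMENT = re.compile(r"(?:^|\s)#.*$")
# pull_request_target as a mapping key, list item, or inline value of `on:`.
TRIGGER = re.compile(r"^\s*(?:on\s*:\s*)?(?:-\s*|\[[^\]]*)?pull_request_target\b")
STEP_START = re.compile(r"^\s*-\s+\w[\w-]*\s*:")
CHECKOUT = re.compile(r"\buses\s*:\s*['\"]?actions/checkout@")
# `ref:` values that resolve to the pull request's own (untrusted) commit.
PR_HEAD = re.compile(
    r"^\s*ref\s*:.*(github\.event\.pull_request\.head\.(?:sha|ref)"
    r"|github\.head_ref|refs/pull/)"
)

def find_untrusted_checkouts(workflow_text):
    """Return (line_number, line) for each checkout of PR head code
    in a workflow that is triggered by pull_request_target."""
    lines = [COMMENT.sub("", l) for l in workflow_text.splitlines()]
    if not any(TRIGGER.match(l) for l in lines):
        return []  # trigger absent: the privileged context does not apply
    findings, in_checkout = [], False
    for number, line in enumerate(lines, start=1):
        if STEP_START.match(line):
            in_checkout = False  # a new step begins
        if CHECKOUT.search(line):
            in_checkout = True
        elif in_checkout and PR_HEAD.match(line):
            findings.append((number, line.strip()))
    return findings

# Constructed sample, not the affected project's file.
RISKY = """\
name: static
on:
  pull_request_target:
    branches: [main]
jobs:
  analyse:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
"""
# Same steps under the unprivileged pull_request trigger.
SAFER = RISKY.replace("pull_request_target", "pull_request")

if __name__ == "__main__":
    print(find_untrusted_checkouts(RISKY))
    print(find_untrusted_checkouts(SAFER))
```

A finding means the workflow needs review, since a quoted `#` or an unusual YAML layout can confuse a line-based check in either direction.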