Back to CVE List

CVE-2026-41249

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.2 / 10

Vulnerability Description

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Vulnerability Details

Published Date

May 14, 2026

Last Modified

May 14, 2026

Source

GitHub

Vendor

composer

Product

coreshop/core-shop

External References

Discussion (0)

Add Comment

No comments yet. Be the first!