A vulnerability was found in Shopware. It has been classified as critical. Affected is the function upsertUser of the file src/Core/Framework/Api/Controller/UserController.php of the component User Controller. The manipulation of the argument admin leads to permission issues.

This vulnerability is referenced as CVE-2026-48010. Remote exploitation of the attack is possible. No exploit is available.