A vulnerability was found in Shopware. It has been declared as critical. Affected by this vulnerability is the function StateMachineRegistry::transition of the file src/Core/Checkout/Order/Api/OrderActionController.php of the component Order State Transition. The manipulation results in state issue.

This vulnerability is identified as CVE-2026-48014. The attack can be executed remotely. There is not any exploit available.