[HIGH] Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

PKSA-882j-k212-wjbf CVE-2026-45162 GHSA-36fc-7wjg-mfvj

Affected package: pimcore/pimcore

Affected version: <=12.3.6

Reported by:
GitHub