[HIGH] CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

PKSA-9rch-wbbh-7nr6 CVE-2026-41249 GHSA-q58j-g3f4-h26h

Affected package: coreshop/core-shop

Affected version: =5.0.0

Reported by:
GitHub