[MEDIUM] Shopware: Admin API ACL Bypass in Order State Transition Endpoints

PKSA-rnpb-7fbj-phyz CVE-2026-48014 GHSA-f8q6-3g5w-jjr6

Affected package: shopware/core

Affected version: <6.6.10.18|>=6.7.0.0,<6.7.10.1

Reported by:
GitHub