[MEDIUM] Shopware: Admin Account Takeover via User Recovery Hash Exposure

PKSA-tk1x-h875-8y1s CVE-2026-48009 GHSA-8v9p-g828-v98f

Affected package: shopware/platform

Affected version: <6.6.10.18|>=6.7.0.0,<6.7.10.1

Reported by:
GitHub