[MEDIUM] Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

PKSA-xbrd-fvys-3t24 CVE-2026-48010 GHSA-v39m-97p8-gqg7

Affected package: shopware/platform

Affected version: <6.6.10.18|>=6.7.0.0,<6.7.10.1

Reported by:
GitHub