[HIGH] Sylius has a Promotion Usage Limit Bypass via Race Condition

PKSA-xqwf-3qbb-njd6 CVE-2026-31824 GHSA-7mp4-25j8-hp5q

Affected package: sylius/sylius

Affected version: >=2.2.0,<=2.2.2|>=2.1.0,<=2.1.11|>=2.0.0,<=2.0.15|>=1.14.0,<=1.14.17|>=1.13.0,<=1.13.14|>=1.12.0,<=1.12.22|>=1.11.0,<=1.11.16|>=1.10.0,<=1.10.15|<=1.9.11

Reported by:
GitHub