Bypassing Promotion Logic in Sylius via Race Condition.
Deep dive into CVE-2026-31824: exploiting a Time-of-Check to Time-of-Use (TOCTOU) race condition in Sylius 2.3 that allows attackers to bypass promotion coupon usage limits.