[CRITICAL] CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

PKSA-217t-qqjr-nkt3 CVE-2026-48062 GHSA-2gr4-ppc7-7mhx

Affected version: <4.7.2

Reported by:
GitHub