[MEDIUM] Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

PKSA-jd1d-xg2h-yr6f CVE-2026-25492 GHSA-96pq-hxpw-rgh8

Affected version: >=3.5.0,<=4.16.17|>=5.0.0-RC1,<=5.8.21

Reported by:
GitHub