[MEDIUM] Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via HTTP Redirect

PKSA-1dbt-xzgs-7gw8 CVE-2026-25493 GHSA-8jr8-7hr4-vhfx

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.16.17|>=5.0.0-RC1,<=5.8.21

Reported by:
GitHub