[MEDIUM] Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential

PKSA-3yh1-q236-qg5b CVE-2026-33885 GHSA-7f74-7q5w-hj4r

Affected package: statamic/cms

Affected version: >=6.0.0.alpha.1,<6.7.2|<5.73.16

Reported by:
GitHub