[MEDIUM] Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR)

PKSA-548y-fsbg-y9t7 CVE-2026-33158 GHSA-3pvf-vxrv-hh9c

Affected package: craftcms/cms

Affected version: >=5.0.0-RC1,<=5.9.13|>=4.0.0-RC1,<=4.17.7

Reported by:
GitHub