[HIGH] Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior

PKSA-7b21-z11x-97gc CVE-2026-44011 GHSA-qrgm-p9w5-rrfw

Affected package: craftcms/cms

Affected version: >=5.0.0,<5.9.18|>=4.0.0,<4.17.12

Reported by:
GitHub