[HIGH] Statamic vulnerable to privilege escalation via stored cross-site scripting

PKSA-81wb-3yhb-txs4 CVE-2026-28426 GHSA-5vrj-wf7v-5wr7

Affected package: statamic/cms

Affected version: >=6.0.0-alpha.1,<6.4.0|<5.73.11

Reported by:
GitHub