[MEDIUM] CI4MS has a Deactivated User Session Bypass (active=0)

PKSA-cf98-gsv6-bv96 CVE-2026-41891 GHSA-5hfv-c864-qcq9

Affected package: ci4-cms-erp/ci4ms

Affected version: >=0.26.0,<=0.31.7.0

Reported by:
GitHub