[HIGH] Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

PKSA-g2n6-j3mn-x8xf CVE-2026-25498 GHSA-7jx7-3846-m7w7

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.16.17|>=5.0.0-RC1,<=5.8.21

Reported by:
GitHub