[CRITICAL] Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

PKSA-h8zr-vfb5-1d5r CVE-2026-54003 GHSA-whxw-24jc-cwmv

Affected package: getkirby/cms

Affected version: >=5.0.0-alpha.1,<=5.4.3|<=4.9.3

Reported by:
GitHub