[HIGH] Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints

PKSA-hhnz-p4k9-sfyd CVE-2026-44174 GHSA-86rh-h242-j8xp

Affected package: getkirby/cms

Affected version: >=5.0.0,<=5.4.0|<=4.9.0

Reported by:
GitHub