[HIGH] Kirby: Self cross-site scripting (self-XSS) in the writer field

PKSA-hnr2-vddk-p4gy CVE-2026-49276 GHSA-rhj6-r49h-5932

Affected package: getkirby/cms

Affected version: >=5.0.0-alpha.1,<=5.4.3|<=4.9.3

Reported by:
GitHub