[HIGH] Kirby: `pages.access` permission is not checked in the `site/find` REST API route

PKSA-jpkc-34xj-4vfy CVE-2026-54005 GHSA-r3w8-2c5r-h9j9

Affected package: getkirby/cms

Affected version: >=5.0.0-alpha.1,<=5.4.3|<=4.9.3

Reported by:
GitHub