[MEDIUM] Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation

PKSA-jsy4-k6z3-fcjb CVE-2026-25494 GHSA-m5r2-8p9x-hp5m

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.16.17|>=5.0.0-RC1,<=5.8.21

Reported by:
GitHub