[MEDIUM] CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files

PKSA-qjrw-zc8d-74p2 CVE-2026-39389 GHSA-9rxp-f27p-wv3h

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.31.3.0

Reported by:
GitHub