[CRITICAL] Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()

PKSA-s8c8-j6wr-t4ds CVE-2026-32267 GHSA-cc7p-2j3x-x7xf

Affected package: craftcms/cms

Affected version: >=5.0.0-RC1,<=5.9.11|>=4.0.0-RC1,<=4.17.5

Reported by:
GitHub