[HIGH] Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs

PKSA-skzr-by55-tmc5 CVE-2026-28425 GHSA-cpv7-q2wx-m8rw

Affected package: statamic/cms

Affected version: >=6.0.0-alpha.1,<6.4.0|<5.73.11

Reported by:
GitHub