[HIGH] CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

PKSA-srvq-v3bs-mj79 CVE-2026-34572 GHSA-8fq3-c5w3-pj3q

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub