[MEDIUM] Statamic's live preview token bypasses content protection for unrelated entries

PKSA-tg1h-vfwx-wzp9 CVE-2026-33884 GHSA-8vwx-ccf6-5wg2

Affected package: statamic/cms

Affected version: >=6.0.0-alpha.1,<6.7.2|<5.73.16

Reported by:
GitHub