[HIGH] Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior

PKSA-twkq-r2c1-87qq CVE-2026-33157 GHSA-2fph-6v5w-89hh

Affected package: craftcms/cms

Affected version: >=5.6.0,<=5.9.12

Reported by:
GitHub