[HIGH] CraftCMS has an RCE vulnerability via relational conditionals in the control panel

PKSA-w79g-q9vy-mw7b CVE-2026-31857 GHSA-fp5j-j7j4-mcxc

Affected package: craftcms/cms

Affected version: >=4.0.0-beta.1,<=4.17.3|>=5.0.0-RC1,<=5.9.8

Reported by:
GitHub