[HIGH] Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens

PKSA-wc55-9qj2-7v4h CVE-2026-39976 GHSA-349c-2h2f-mxf6

Affected package: laravel/passport

Affected version: >=13.0.0,<13.7.1

Reported by:
GitHub