[MEDIUM] Craft CMS has Twig Function Blocklist Bypass

PKSA-x1f7-3vrt-jvfj CVE-2026-28783 GHSA-5fvc-7894-ghp4

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<4.17.0-beta.1|>=5.0.0-RC1,<5.9.0-beta.1

Reported by:
GitHub