[HIGH] Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users

PKSA-xfmk-zmw2-3qhw CVE-2026-21449 GHSA-mqhg-v22x-pqj8

Affected package: bagisto/bagisto

Affected version: <2.3.10

Reported by:
GitHub