[HIGH] Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding

PKSA-ycmx-j7s8-wyxz CVE-2026-27127 GHSA-gp2f-7wcm-5fhx

Affected package: craftcms/cms

Affected version: >=3.5.0,<=4.16.18|>=5.0.0-RC1,<=5.8.22

Reported by:
GitHub