[MEDIUM] Statamic CMS vulnerable to email enumeration via forgot password endpoint

PKSA-ynr1-y6st-8cwm CVE-2026-44306 GHSA-m24v-f7g5-gq67

Affected package: statamic/cms

Affected version: >=6.0.0,<6.15.0|<5.73.21

Reported by:
GitHub