[HIGH] SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

PKSA-4zw8-rhj7-ftzt CVE-2026-46491 GHSA-jrrg-99xh-5j2q

Affected version: <=7.0.2

Reported by:
GitHub