[LOW] October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

PKSA-h2tj-db1h-m5mf CVE-2026-29179 GHSA-jvwg-phxx-j3rp

Affected package: october/system

Affected version: <3.7.16|>=4.0.0,<4.1.16

Reported by:
GitHub