[MEDIUM] Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit

PKSA-k33k-b5qw-yqgp CVE-2026-27128 GHSA-6fx5-5cw5-4897

Affected package: craftcms/cms

Affected version: >=5.0.0-RC1,<=5.8.22|>=4.5.0-RC1,<=4.16.18

Reported by:
GitHub