[MEDIUM] Craft CMS has Stored XSS in Table Field via "HTML" Column Type

PKSA-knkq-h2rk-yc48 CVE-2026-27126 GHSA-3jh3-prx3-w6wc

Affected package: craftcms/cms

Affected version: >=5.0.0-RC1,<=5.8.22|>=4.5.0-RC1,<=4.16.18

Reported by:
GitHub