[CRITICAL] Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

PKSA-qjnm-jjkr-qktb CVE-2026-42155 GHSA-2cwr-gcf9-pvxr

Affected package: openmage/magento-lts

Affected version: <=20.17.0

Reported by:
GitHub