[HIGH] CI4MS Vulnerable to .env CRLF Injection via Unvalidated `host` Parameter in Install Controller

PKSA-rh74-dqx1-j9wm CVE-2026-39394 GHSA-vfhx-5459-qhqh

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.31.3.0

Reported by:
GitHub