[CRITICAL] Formie: Pre-authenticated server-side template injection in Hidden fields

PKSA-snft-3cv8-v5p5 CVE-2026-45697 GHSA-x7m9-mwc2-g6w2

Affected package: verbb/formie

Affected version: <2.2.20|>=3.0.0-beta.1,<3.1.24

Reported by:
GitHub