[HIGH] Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass

PKSA-w12s-8pdm-4hrq CVE-2026-42551 GHSA-vxrr-w42w-w76g

Affected package: flightphp/core

Affected version: <3.18.1

Reported by:
GitHub