[HIGH] Kirby has Server-Side Template Injection (SSTI) via double template resolution in option rendering

PKSA-w67s-1md9-r7dk CVE-2026-34587 GHSA-jcjw-58rv-c452

Affected package: getkirby/cms

Affected version: >=5.0.0,<5.4.0|<4.9.0

Reported by:
GitHub