[HIGH] Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

PKSA-wvkx-qqd9-sqb6 CVE-2026-42548 GHSA-fcx8-ph5r-mxr4

Affected package: flightphp/core

Affected version: <3.18.1

Reported by:
GitHub