[MEDIUM] CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations

PKSA-x2rt-sj8n-h21z CVE-2026-45139 GHSA-245j-xjvr-xvm5

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.31.8.0

Reported by:
GitHub