[MEDIUM] Craft CMS: Entries Authorship Spoofing via Mass Assignment

PKSA-zp4z-c8gp-zpww CVE-2026-28781 GHSA-2xfc-g69j-x2mp

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<4.17.0-beta.1|>=5.0.0-RC1,<5.9.0-beta.1

Reported by:
GitHub