[HIGH] symfony/ux-toolkit Path Traversal allows arbitrary file write and read via crafted recipe manifest

PKSA-hmn2-9g3k-g9mr CVE-2026-55878 GHSA-p9xj-fpr2-jf2q

Affected version: >=2.32.0,<2.36.1|>=3.0.0,<3.2.0

Reported by:
GitHub, FriendsOfPHP/security-advisories