[MEDIUM] CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

PKSA-72bz-jm9q-1sgn CVE-2026-25509 GHSA-654x-9q7r-g966

Affected package: ci4-cms-erp/ci4ms

Affected version: <0.28.5.0

Reported by:
GitHub