[MEDIUM] canto-saas-api: Authenticated API requests can be redirected via unencoded path variables

PKSA-j2jj-8zzq-m6yn CVE-2026-55374 GHSA-9qfv-wgh2-m6p8

Affected package: jleehr/canto-saas-api

Affected version: <=2.0.0

Reported by:
GitHub