[LOW] Craft CMS' anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users

PKSA-w984-dygq-7ryn CVE-2026-33161 GHSA-vgjg-248p-rfm2

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.17.7|>=5.0.0-RC1,<=5.9.13

Reported by:
GitHub