CVE-2026-39389
Summary: CVE-2026-39389 affects CI4MS (CodeIgniter 4 CMS skeleton) via a hidden-items authorization bypass in the Fileeditor module. Public docs show that hiddenItems (e.g., .env, composer.json, vendor/, etc.) are enforced only in listing; readFile() allows reading any file under ROOTPATH, and sa...