🔍 HIGH severity: CVE-2026-27127 in Craft CMS (4.5.0-RC1 – 4.16.18, 5.0.0-RC1 – 5.8.22) enables DNS rebinding via TOCTOU in GraphQL Asset mutation. Patch to 4.16.19/5.8.23+ & review GraphQL permissions. https://radar.offseq.com/threat/cve-2026-27127-cwe-367-time-of-check-time-of-use-t-5842a733 #OffSeq #CraftCMS #SSRF #Vuln