[MEDIUM] Statamic CMS's missing authorization allows access to assets

PKSA-nr63-r5tp-xby1 CVE-2026-25633 GHSA-gwmx-9gcj-332h

Affected version: >=6.0.0-alpha.1,<6.2.5|<5.73.6

Reported by:
GitHub