CVE-2026-32986 — Textpattern CMS version 4.9.0 contains a second-order cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input in — CVE Database · The Intelligence Room