CVE-2026-47352 — Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storage — CVE Database · The Intelligence Room