CVE-2026-49741 — Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistenc — CVE Database · The Intelligence Room