CVE-2026-10750: Royal MCP Plugin Insufficient Capability Checks Post-Authentication — Casky — Casky