CVE-2026-46454: Unvalidated CometD Headers Enable Message Header Injection — Casky — Casky