docs: add security notice for CVE-2026-25128

[nithinssabu]

Description

Adds a security notice for CVE-2026-25128 in Web Modeler.

Closes https://github.com/camunda/web-modeler/issues/20793

When should this change go live?

• This is a bug fix, security concern, or something that needs urgent release support. (add bug or support label)
• This is already available but undocumented and should be released within a week. (add available & undocumented label)
• This is on a specific schedule and the assignee will coordinate a release with the Documentation team. (create draft PR and/or add hold label)
• This is part of a scheduled alpha or minor. (add alpha or minor label)
• There is no urgency with this change (add low prio label)

PR Checklist

• The commit history of this PR is cleaned up, using {type}(scope): {description} commit message(s)

• My changes are for an upcoming minor release and are in the /docs directory (version 8.9).
• My changes are for an already released minor and are in a /versioned_docs directory.

• I added a DRI, team, or delegate as a reviewer for technical accuracy and grammar/style:
  • Engineering team review
  • Technical writer review via @camunda/tech-writers unless working with an embedded writer.

[wollefitz]

Just a small remark but approving already

[giorgionaps]

LGTM!

[giorgionaps]

@nithinssabu do you need for us to trigger a doc release once this has been merged?

[nithinssabu]

@nithinssabu do you need for us to trigger a doc release once this has been merged?

@giorgionaps Yes please.

[mesellings]

@nithinssabu this was published with https://github.com/camunda/camunda-docs/releases/tag/8.8.170