VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / getgrav/grav

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42607 critical 9.1 10.0 1mo ago Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
CVE-2026-42613 critical 9.4 9.4 1mo ago Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access
CVE-2026-42608 critical 9.1 9.1 1mo ago Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component