Package impact
Packagist / getgrav/grav
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42611 | high | 8.9 | 8.9 | 1mo ago | Grav is Vulnerable to Stored XSS via Tag Injection | |||
| CVE-2026-42844 | high | 8.8 | 8.8 | 29d ago | Low-privileged Grav API users can create super-admin accounts via blueprint-upload | |||
| CVE-2026-42609 | high | 8.1 | 8.1 | 1mo ago | Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | |||
| CVE-2026-44738 | high | 7.7 | 7.7 | 22d ago | Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() |