VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / getgrav/grav

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42611 high 8.9 8.9 23d ago Grav is Vulnerable to Stored XSS via Tag Injection php
CVE-2026-42844 high 8.8 8.8 22d ago Low-privileged Grav API users can create super-admin accounts via blueprint-upload php
CVE-2026-42609 high 8.1 8.1 23d ago Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic php
CVE-2026-44738 high 7.7 7.7 15d ago Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() php