Package impact
COMPOSER / getgrav/grav
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42607 | critical | 9.1 | 10.0 | 23d ago | Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature | |
| CVE-2026-42613 | critical | 9.4 | 9.4 | 23d ago | Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access | |
| CVE-2026-42608 | critical | 9.1 | 9.1 | 23d ago | Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component |