Known Vulnerabilities for Grav by Getgrav
Listed below are 10 of the newest known vulnerabilities associated with "Grav" by "Getgrav".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44738 json | Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages rol... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44737 json | grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-42845 json | The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content ... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42844 json | Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abu... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-42843 json | Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-42842 json | The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulner... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-42841 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an e... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-42613 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-c... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42612 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav a... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-42611 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause... | Not Provided | 2026-05-11 | 2026-05-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.6.9 | |||
| Application | Getgrav | Grav | 1.6.8 |