Resource Exhaustion in Grav Web Platform by Getgrav
CVE-2026-53653

8.7HIGH

Key Information:

Vendor

Getgrav

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-53653?

Grav, a file-based web platform by Getgrav, allows unauthenticated users to exhaust server resources by making requests for image derivatives with excessively large dimensions. This issue arises from the lack of limitations in the dimension parameters during image processing, which can lead to server memory and CPU overload. The vulnerability is addressed in the updates released in versions 1.7.53 and 2.0.0-rc.8, ensuring a safeguard against such exploitation.

Affected Version(s)

grav >= 2.0.0-beta.1, < 2.0.0-rc.8 < 2.0.0-beta.1, 2.0.0-rc.8

grav < 1.7.53 < 1.7.53

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.