Resource Exhaustion in Grav Web Platform by Getgrav
CVE-2026-53653
8.7HIGH
What is CVE-2026-53653?
Grav, a file-based web platform by Getgrav, allows unauthenticated users to exhaust server resources by making requests for image derivatives with excessively large dimensions. This issue arises from the lack of limitations in the dimension parameters during image processing, which can lead to server memory and CPU overload. The vulnerability is addressed in the updates released in versions 1.7.53 and 2.0.0-rc.8, ensuring a safeguard against such exploitation.
Affected Version(s)
grav >= 2.0.0-beta.1, < 2.0.0-rc.8 < 2.0.0-beta.1, 2.0.0-rc.8
grav < 1.7.53 < 1.7.53
