File-based Web Platform Vulnerability in Grav by Getgrav
CVE-2026-59193

6.9MEDIUM

Key Information:

Vendor

Getgrav

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-59193?

Grav, a file-based web platform, has a vulnerability where an authenticated admin.super user can exploit the Direct Install tool. By uploading a specially crafted ZIP archive, an attacker can lead to a system crash or disk overflow due to the absence of restrictions on uncompressed size, entry count, or directory depth within the installer. This significant loophole has been addressed in version 2.0.0, which implements the necessary safeguards to mitigate such risks.

Affected Version(s)

grav >= 1.0.0, < 2.0.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.