File-based Web Platform Vulnerability in Grav by Getgrav
CVE-2026-59193
6.9MEDIUM
What is CVE-2026-59193?
Grav, a file-based web platform, has a vulnerability where an authenticated admin.super user can exploit the Direct Install tool. By uploading a specially crafted ZIP archive, an attacker can lead to a system crash or disk overflow due to the absence of restrictions on uncompressed size, entry count, or directory depth within the installer. This significant loophole has been addressed in version 2.0.0, which implements the necessary safeguards to mitigate such risks.
Affected Version(s)
grav >= 1.0.0, < 2.0.0
