PT-2026-29094 · Grav Cms
Published: 2026-03-30 · Updated: 2026-03-30
CVE-2026-29924
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Grav CMS versions prior to 1.7.x
Description
The software is susceptible to XML External Entity (XXE) attacks. This issue affects the SVG file upload functionality within the admin panel and the File Manager plugin. The vulnerability allows for potential exploitation through manipulation of XML data during file processing.
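An upload-time check for the class of file described above, as an added example (not Grav's code and not the fix the project shipped). The function name svgRejectionReason and the policy of refusing any SVG that carries a DOCTYPE are assumptions made for illustration; the sample files are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: returns null when an uploaded SVG may be stored,
 * otherwise a short reason for rejecting it.
 */
function svgRejectionReason(string $svg): ?string
{
    if (trim($svg) === '') {
        return 'empty file';
    }
    $previous = libxml_use_internal_errors(true);   // collect parse errors quietly
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access. LIBXML_NOENT and LIBXML_DTDLOAD
        // are deliberately not set: entities are not substituted and no
        // external DTD is loaded while the file is inspected.
        if (!$doc->loadXML($svg, LIBXML_NONET)) {
            return 'not well-formed XML';
        }
        // Entities can only be declared inside a DOCTYPE, and a still image
        // has no need for one, so its presence alone is enough to refuse.
        if ($doc->doctype !== null) {
            return 'DOCTYPE declaration present';
        }
        $root = $doc->documentElement;
        if ($root === null || $root->localName !== 'svg') {
            return 'root element is not <svg>';
        }
        return null;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed samples: a plain image, one declaring an external entity
// (placeholder path), and a non-SVG XML document.
$samples = [
    'plain.svg'  => '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>',
    'entity.svg' => '<!DOCTYPE svg [<!ENTITY x SYSTEM "file:///placeholder">]>'
                  . '<svg xmlns="http://www.w3.org/2000/svg"><text>&x;</text></svg>',
    'other.svg'  => '<html><body/></html>',
];
foreach ($samples as $name => $body) {
    printf("%-11s %s\n", $name, svgRejectionReason($body) ?? 'accepted');
}
```

Only plain.svg is accepted; entity.svg is refused at the DOCTYPE check before any entity is resolved, and other.svg at the root-element check.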
Recommendations
Update to a version later than 1.7.x.
Fix
XXE
Weakness Enumeration
Related Identifiers
Affected Products
File Manager
Grav Cms