


Perceptive Security
SOC/SIEM Consultancy

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.
Published:
29 March 2026 at 22:00:00
Alert date:
30 March 2026 at 21:02:23
Source:
nvd.nist.gov
Web Technologies
Grav CMS 1.7.x and earlier are vulnerable to XML External Entity (XXE) attacks through the SVG file upload functionality. The vulnerability exists in both the admin panel and the File Manager plugin, and allows attackers to potentially access sensitive files or perform server-side request forgery through maliciously crafted SVG files. All Grav CMS installations running version 1.7.x or older are affected.
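An upload-side check for the issue described above, as an added example that is not part of the original alert and is not Grav's own code: it parses an SVG with Python's expat bindings, which do not fetch external entities when no external-entity handler is installed, and flags any DOCTYPE or entity declaration. The function names, the sample SVGs and the directory passed to `audit_uploads` are assumptions.

```python
"""Flag SVG uploads that carry a DTD or entity declarations (XXE pre-check)."""
from pathlib import Path
import xml.parsers.expat

# Constructed samples, not taken from the alert.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
DTD_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE svg [ <!ENTITY ext SYSTEM "placeholder-target"> ]>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'
)


def inspect_svg(data):
    """Return a list of reasons to reject the SVG; an empty list means accept."""
    findings = []
    # No ExternalEntityRefHandler is set, so expat only reports declarations
    # and never opens the file or URL an external entity points to.
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append("DOCTYPE declaration present")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if (system_id or public_id) else "internal"
        findings.append(f"{kind} entity declared: {name}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings


def audit_uploads(root):
    """Scan every .svg under root (assumed upload directory); return path -> findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".svg":
            findings = inspect_svg(path.read_bytes())
            if findings:
                report[str(path)] = findings
    return report


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("dtd", DTD_SVG)):
        print(label, inspect_svg(sample))
```

Legitimate SVG images rarely need a DTD, so rejecting any file with findings is a reasonable default for an upload filter or for a sweep of files that were uploaded before patching.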
Technical details
Mitigation steps:
Affected products:
Grav CMS
Related links:
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
