Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.
PUBLISHED Reserved 2026-03-04 | Published 2026-03-30 | Updated 2026-03-30 | Assigner mitre
github.com/getgrav/grav
cve.org (CVE-2026-29924)
nvd.nist.gov (CVE-2026-29924)
Download JSON
