HIGHCVE-2026-29924Published 2026-03-30Modified 2026-03-30CNA mitre

CVE-2026-29924: Grav CMS v1

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.

CVSS v3.1: 7.6
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

References

github.com

Metrics