CVE-2026-29924

Sažetak

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.

Reference

CVSS

Base:	7.6
Impact:	4.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Zadnje važnije ažuriranje

30-03-2026 - 20:16

Objavljeno

30-03-2026 - 19:16