CVE-2026-61455 - CERT CVE
ID CVE-2026-61455
Sažetak Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources.
Reference
CVSS
Base: 6.5
Impact: 3.6
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
NONE NONE HIGH
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Zadnje važnije ažuriranje 10-07-2026 - 17:41
Objavljeno 10-07-2026 - 15:16