CVE-2026-29924

Published: Mar 30, 2026
Last Modified: Mar 30, 2026
Severity: HIGH 7.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: low
Availability: low

Description

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.

CWE-611: Improper Restriction of XML External Entity Reference

Status: Draft
Common Consequences
Security Scopes Affected: Confidentiality, Integrity, Availability
Potential Impacts: Read Application Data; Read Files or Directories; Bypass Protection Mechanism; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory)
Applicable Platforms
Languages: Not Language-Specific, XML
Technologies: Not Technology-Specific, Web Based
https://github.com/getgrav/grav