๐Ÿ” CVE Alert

CVE-2026-59193

UNKNOWN 0.0

Grav CMS โ€” Improper Handling of Highly Compressed Data in Installer::unZip()

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0.

CWE CWE-409
Vendor getgrav
Product grav
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for getgrav grav

Be the first to know when new unknown vulnerabilities affecting getgrav grav are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

getgrav / grav
>= 1.0.0, < 2.0.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9 github.com: https://github.com/getgrav/grav/commit/23d6f2adf4ce11889c088ac8557c8314baeef781 github.com: https://github.com/getgrav/grav/releases/tag/2.0.0