Vulnerability in N/a
CVE-2026-29924
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.
EPSS: 0.001 (22.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a