Resource exhaustion in Getgrav Grav

CVE-2026-53653

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as fo…

Affected products

  • Getgrav Grav — versions >= 2.0.0-beta.1, < 2.0.0-rc.8, < 1.7.53

Weakness classification (CWE)

References