A vulnerability has been found in getgrav Grav API plugin up to 1.0.0-rc.15 and classified as critical. This issue affects some unknown processing of the component API Authentication Handler. This manipulation of the argument token causes backdoor.
This vulnerability is tracked as CVE-2026-58656. The attack is possible to be carried out remotely. No exploit exists.