A vulnerability was found in getgrav Grav up to 1.0.2 and classified as critical. This affects the function HandlesMediaUploads::processUploadedFile of the file /api/v1/media of the component SVG File Handler. Such manipulation leads to unrestricted upload.

This vulnerability is listed as CVE-2026-61456. The attack may be performed from remote. There is no available exploit.