A vulnerability marked as critical has been reported in getgrav Grav up to 1.3.x. This issue affects the function
template_from_string of the component Flex Objects. The manipulation of the argument Title leads to improper neutralization of special elements used in a template engine.
This vulnerability is traded as CVE-2026-58655. It is possible to initiate the attack remotely. There is no exploit available.