A vulnerability described as critical has been identified in getgrav Grav up to 1.1.x. This affects the function PDO::tableExists of the component Database Plugin. The manipulation of the argument table results in sql injection.

This vulnerability is known as CVE-2026-58492. It is possible to launch the attack remotely. No exploit is available.