A vulnerability classified as problematic has been found in getgrav grav up to 1.1.x. This impacts the function __call of the component Database Plugin. This manipulation of the argument host/dbname/charset/server/database/directory/filename causes path traversal.

This vulnerability is handled as CVE-2026-58493. The attack can be initiated remotely. There is not any exploit available.