A vulnerability marked as critical has been reported in getgrav grav up to 9.1.7. Affected is an unknown function of the component Form Plugin. Performing a manipulation of the argument process.save.filename results in path traversal.

This vulnerability is reported as CVE-2026-61873. The attack is possible to be carried out remotely. No exploit exists.