CVE-2026-7317 | Grav CMS up to 1.7.49.5/2.0.0-beta.1 Cache Value FileCache.php FileCache::doGet deserialization (GHSA-gwfr-jfjf-92vv / c66dfeb5f)

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability labeled as critical has been found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization.

This vulnerability is cataloged as CVE-2026-7317. The attack may be launched remotely. Furthermore, there is an exploit available.

The affected component should be upgraded.

CVE-2026-7317 | Grav CMS up to 1.7.49.5/2.0.0-beta.1 Cache Value FileCache.php FileCache::doGet deserialization (GHSA-gwfr-jfjf-92vv / c66dfeb5f)

Post correlati

CVE-2024-4992 | SiAdmin 1.1 aksi_kuliah.php nim sql injection

CVE-2025-66960 | Ollama 0.12.10 GGUF Metadata fs/ggml/gguf.go readGGUFV1String denial of service

CVE-2024-11615 | Envolve Plugin up to 1.0 on WordPress zetra_deleteLanguageFile/zetra_deleteFontsFile denial of service

CVE-2025-62248 | Liferay Portal/DXP cross site scripting