CVE-2026-29924
HIGH
NVD
CVSS Score
7.6
Severity
HIGH
Published
Mar 30, 2026
Vendor
unknown
Description
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.