CVE-2026-62387
CVE-2026-62387 affects Grav’s API plugin (getgrav/grav-plugin-api) prior to 1.0.0-rc.16. The vulnerability arises from a default CORS setting of Access-Control-Allow-Origin: * on all responses, including authenticated endpoints and preflight (OPTIONS). The plugin accepts credentials via Authoriza...