Lucene search
K

4 matches found

NVD
NVD
added 2026/05/11 4:17 p.m.17 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS0.00463EPSS
Exploits1References4
OSV
OSV
added 2026/05/11 3:3 p.m.3 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.9AI score0.00463EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/05/11 3:3 p.m.10 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References4
OSV
OSV
added 2026/05/05 9:29 p.m.6 views

GHSA-RR73-568V-28F8 Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References6
Rows per page
Query Builder