CVE-2026-62234
Grav 2.x prior to 2.0.4 contains an SSRF vulnerability in webhook dispatch where authenticated users with api.webhooks.write can create webhooks using file://, dict://, or gopher:// protocols. This unrestricted protocol handling can be leveraged to read local files, access process information, or...