CVE-2026-42843P2HIGHCVSS 8.8v1.0.0·fixed in 1.0.0-beta.152026-05-11
CVE-2026-42843 [HIGH] CWE-863 CVE-2026-42843: Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's cont
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin (UsersController::update) allows any authenticated user with basic API access (api.access) to modi
ghsanvd