CVE-2026-42608 - Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component.
CVE ID :CVE-2026-42608 Published : May 11, 2026, 4:17 p.m. | 48 minutes ago Description :Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST requ
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] LayerZero apologizes for response to major DeFi hack - The Logic
- [CYBER] FROM TOR TO TRACEABLE: WHY 90% OF 'ANONYMOUS' Threat actors ARE ONE MISTAKE AWAY FROM EXPOSURE
- [CYBER] Kia’s cyber-inspired electric sports car is ‘90% production-ready’
- [CYBER] Google Says Hackers Used AI To Create Zero Day Security Flaw For the First Time
- [CYBER] Foxconn Wisconsin breach reportedly linked to Nitrogen ransomware, 8TB data theft claim
- [CYBER] Vibe Coding is Fun Until You Hit Production