CVE-2026-7317: Deserialization in Grav CMS
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 2.0.0-beta.2 addresses this issue. The patch is identified as c66dfeb5f. The affected component should be upgraded.
AI Analysis
Technical Summary
This vulnerability exists in the FileCache::doGet function of Grav CMS's Cache Value Handler component, where manipulated input can lead to deserialization. It affects multiple versions up to 1.7.49.5 and 2.0.0-beta.1. The attack vector is remote, but exploitation complexity is high and no known exploits are reported in the wild. The issue is resolved by upgrading to version 2.0.0-beta.2, with the patch identified as c66dfeb5f.
Potential Impact
The vulnerability could allow an attacker to perform deserialization attacks remotely, potentially leading to unintended code execution or other impacts related to deserialization flaws. However, the CVSS score is low (2.3), reflecting limited impact and high exploitation complexity. No known exploits are currently active in the wild.
Mitigation Recommendations
Upgrade affected Grav CMS installations to version 2.0.0-beta.2 or later, which contains the official fix for this vulnerability (patch c66dfeb5f). No other mitigation steps are indicated by the vendor advisory.
CVE-2026-7317: Deserialization in Grav CMS
Description
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 2.0.0-beta.2 addresses this issue. The patch is identified as c66dfeb5f. The affected component should be upgraded.
CVSS v4.0
Score 2.3low
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in the FileCache::doGet function of Grav CMS's Cache Value Handler component, where manipulated input can lead to deserialization. It affects multiple versions up to 1.7.49.5 and 2.0.0-beta.1. The attack vector is remote, but exploitation complexity is high and no known exploits are reported in the wild. The issue is resolved by upgrading to version 2.0.0-beta.2, with the patch identified as c66dfeb5f.
Potential Impact
The vulnerability could allow an attacker to perform deserialization attacks remotely, potentially leading to unintended code execution or other impacts related to deserialization flaws. However, the CVSS score is low (2.3), reflecting limited impact and high exploitation complexity. No known exploits are currently active in the wild.
Mitigation Recommendations
Upgrade affected Grav CMS installations to version 2.0.0-beta.2 or later, which contains the official fix for this vulnerability (patch c66dfeb5f). No other mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-28T13:11:54.929Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f1649ccbff5d861047ecf7
Added to database: 4/29/2026, 1:53:32 AM
Last enriched: 4/29/2026, 12:38:00 PM
Last updated: 6/12/2026, 12:38:21 PM
Views: 44
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.