CVE-2026-29924 in Grav CMSinfo

Summary

Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin.

Responsible

MITRE

Reservation

03/04/2026

Disclosure

03/30/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
354243	Grav CMS SVG File xml external entity reference	611	Not defined	Not defined	CVE-2026-29924

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!