CVE-2026-61455 in Gravinformación

Resumen

por MITRE • 2026-07-10

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

VulnCheck

Reservar

2026-07-09

Divulgación

2026-07-10

Moderación

aceptado

Artículo

VDB-377524

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Do you know our Splunk app?

Download it now for free!