CVE-2026-62233 in Grav정보

요약

\~에 의해 MITRE • 2026. 07. 17.

grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achieve full instance takeover.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

VulnCheck

예약하다

2026. 07. 13.

모더레이션

수락

항목

VDB-379728

EPSS

0.00000

출처

Want to know what is going to be exploited?

We predict KEV entries!