PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62230 getgrav CVE debrief

CVE-2026-62230 is a high-severity vulnerability in Grav, a popular content management system. The vulnerability arises from the default .htaccess file and reference webserver-configs/htaccess.txt file that ships with Grav versions before 2.0.4. These files contain rules that block access to sensitive file types such as .yaml, .php, and .json. However, these rules lack the [NC] flag, which makes the extension matching case-sensitive. On case-insensitive filesystems like Windows/NTFS, macOS/HFS+, or Docker volume mounts, an unauthenticated attacker can exploit this by requesting files with uppercase or mixed-case extensions (e.g., .YAML, .PHP) to bypass the restrictions and read sensitive configuration files that may contain API keys and credentials.

Vendor
getgrav
Product
grav
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

System administrators and security teams responsible for Grav installations, especially those using case-insensitive filesystems, should be aware of this vulnerability. Developers and users of Grav versions prior to 2.0.4 need to take immediate action to secure their installations.

Technical summary

The vulnerability is caused by the lack of the [NC] flag in the .htaccess rules of Grav versions before 2.0.4. This flag makes the file extension matching case-insensitive. Without it, on case-insensitive filesystems, attackers can manipulate file extensions to bypass security restrictions. For instance, a request for a file with a .YAML extension could be used to access a .yaml file. This could lead to the exposure of sensitive information, including API keys and credentials, stored in configuration files.

Defensive priority

High

Recommended defensive actions

  • Upgrade Grav to version 2.0.4 or later immediately.
  • Verify that .htaccess and similar configuration files are updated with the [NC] flag for file type restrictions.
  • Conduct a thorough inventory of Grav installations and check for any unauthorized access to sensitive files.
  • Implement compensating controls such as monitoring for suspicious file access requests.
  • Consider temporarily disabling access to sensitive files until the upgrade can be performed.

Evidence notes

The CVE record was published on 2026-07-17T02:18:10.433Z and has not been modified since then. The NVD entry is currently . The vulnerability details were obtained from the CVE.org record and the NVD detail page. Additional information was found in source references from GitHub and Vulncheck.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:10.433Z and has not been modified since then.