PatchSiren cyber security CVE debrief
CVE-2026-62230 getgrav CVE debrief
CVE-2026-62230 is a high-severity vulnerability in Grav, a popular content management system. The vulnerability arises from the default .htaccess file and reference webserver-configs/htaccess.txt file that ships with Grav versions before 2.0.4. These files contain rules that block access to sensitive file types such as .yaml, .php, and .json. However, these rules lack the [NC] flag, which makes the extension matching case-sensitive. On case-insensitive filesystems like Windows/NTFS, macOS/HFS+, or Docker volume mounts, an unauthenticated attacker can exploit this by requesting files with uppercase or mixed-case extensions (e.g., .YAML, .PHP) to bypass the restrictions and read sensitive configuration files that may contain API keys and credentials.
- Vendor
- getgrav
- Product
- grav
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
System administrators and security teams responsible for Grav installations, especially those using case-insensitive filesystems, should be aware of this vulnerability. Developers and users of Grav versions prior to 2.0.4 need to take immediate action to secure their installations.
Technical summary
The vulnerability is caused by the lack of the [NC] flag in the .htaccess rules of Grav versions before 2.0.4. This flag makes the file extension matching case-insensitive. Without it, on case-insensitive filesystems, attackers can manipulate file extensions to bypass security restrictions. For instance, a request for a file with a .YAML extension could be used to access a .yaml file. This could lead to the exposure of sensitive information, including API keys and credentials, stored in configuration files.
Defensive priority
High
Recommended defensive actions
- Upgrade Grav to version 2.0.4 or later immediately.
- Verify that .htaccess and similar configuration files are updated with the [NC] flag for file type restrictions.
- Conduct a thorough inventory of Grav installations and check for any unauthorized access to sensitive files.
- Implement compensating controls such as monitoring for suspicious file access requests.
- Consider temporarily disabling access to sensitive files until the upgrade can be performed.
Evidence notes
The CVE record was published on 2026-07-17T02:18:10.433Z and has not been modified since then. The NVD entry is currently . The vulnerability details were obtained from the CVE.org record and the NVD detail page. Additional information was found in source references from GitHub and Vulncheck.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:10.433Z and has not been modified since then.