PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62232 getgrav CVE debrief

CVE-2026-62232 is a critical vulnerability in Grav before 2.0.4 that allows attackers to bypass two-factor authentication (2FA) by regenerating the 2FA secret. This vulnerability has a CVSS score of 9.1 and is considered critical. The vulnerability exists in the login plugin of Grav, where the regenerate2FASecret task only checks for user existence, not authorization, during the pending TOTP challenge window. This allows attackers who know the victim's password to call this task without a CSRF nonce to overwrite the 2FA secret with an attacker-chosen value, compute a valid TOTP code, and complete authentication while reducing 2FA to password-only protection. Administrators and users of Grav versions before 2.0.4 should be aware of this vulnerability and take immediate action to update to the latest version.

Vendor
getgrav
Product
grav
CVSS
CRITICAL 9.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Administrators and users of Grav versions before 2.0.4 should be aware of this vulnerability and take immediate action to update to the latest version. This vulnerability can be exploited by attackers who know the victim's password, and it can have a significant impact on the security of the system. Users who have not updated to version 2.0.4 or later are at risk of being exploited.

Technical summary

The vulnerability exists in the login plugin of Grav, where the regenerate2FASecret task only checks for user existence, not authorization, during the pending TOTP challenge window. This allows attackers who know the victim's password to call this task without a CSRF nonce to overwrite the 2FA secret with an attacker-chosen value, compute a valid TOTP code, and complete authentication while reducing 2FA to password-only protection. The vulnerability has a CVSS score of 9.1 and is considered critical.

Defensive priority

High

Recommended defensive actions

  • Update Grav to version 2.0.4 or later
  • Review and update 2FA configurations
  • Monitor for suspicious login activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-17T02:18:10.743Z and has not been modified since then. The NVD entry is currently Received. There are limited details available about the vulnerability from the CVE and NVD entries. Further investigation and verification are needed to understand the full scope of the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:10.743Z and has not been modified since then.