PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62387 getgrav CVE debrief

The Grav API plugin before version 1.0.0-rc.16 had a misconfigured CORS setting, allowing unauthorized cross-origin requests. This vulnerability, CVE-2026-62387, was made public on 2026-07-17. The plugin's default configuration included an Access-Control-Allow-Origin header set to *, which could be exploited by attackers to read sensitive data and perform actions as the token's user. The vulnerability is considered high severity, with a CVSS score of 7.1. The affected product is the Grav API plugin, and the vulnerability class is related to improper CORS configuration. The likely operational impact is sensitive data exposure and unauthorized actions.

Vendor
getgrav
Product
grav
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Administrators and users of the Grav API plugin should be aware of this vulnerability and take immediate action to update to version 1.0.0-rc.16 or later. Additionally, users who have obtained a valid access token should be cautious of potential cross-origin request attacks. The vulnerability affects operators who use the Grav API plugin and security teams responsible for vulnerability management.

Technical summary

The Grav API plugin had a misconfigured CORS setting, allowing unauthorized cross-origin requests. The plugin accepted credentials via the Authorization and X-API-Token headers, which could be exploited by attackers who obtained a valid access token. This could lead to sensitive data exposure and unauthorized actions. The vulnerability is fixed in version 1.0.0-rc.16. However, the technical details of the vulnerability and its potential impact are not fully elaborated in the current CVE record.

Defensive priority

High

Recommended defensive actions

  • Update the Grav API plugin to version 1.0.0-rc.16 or later
  • Verify and restrict access to sensitive data and operations
  • Monitor for suspicious cross-origin requests
  • Implement additional security measures to protect against token leakage
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-17T02:18:12.053Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The source item URL and references provide additional context for this vulnerability. However, the details are limited, and defenders should verify the affected scope and severity with the vendor. The CVE-2026-62387 record indicates a high severity vulnerability, but the current information may not be comprehensive.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:12.053Z and has not been modified since then. The NVD entry is currently Received.