PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11982 Grav CVE debrief

CVE-2026-11982 is a stored cross-site scripting (XSS) vulnerability in Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14, affecting the Admin2 Pages API save flow. The CVE record was published on 2026-06-18T17:16:28.093Z and was last modified on 2026-06-22T17:56:35.757Z. This vulnerability allows for stored cross-site scripting (XSS) attacks, which could potentially allow an attacker to inject malicious scripts into the application. Users of Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 should apply patches or mitigations to prevent exploitation of the stored XSS vulnerability. The CVSS score is 5.1, indicating a medium severity level.

Vendor
Grav
Product
grav-plugin-api
CVSS
MEDIUM 5.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-22
Advisory published
2026-06-18
Advisory updated
2026-06-22

Who should care

Users of Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 should apply patches or mitigations to prevent exploitation of the stored XSS vulnerability. This includes administrators and security teams responsible for maintaining and securing Grav installations. Additionally, operators and platform administrators may need to review and update their configurations to prevent potential attacks.

Technical summary

The vulnerability exists in the Admin2 Pages API save flow of Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14. It allows for stored cross-site scripting (XSS) attacks. The CVSS score is 5.1, indicating a medium severity level. This vulnerability could potentially allow an attacker to inject malicious scripts into the application, which could lead to unauthorized actions or data breaches. The vulnerability is considered to be of medium priority, and users of Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 should apply patches or mitigations to prevent exploitation.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability to prevent potential XSS attacks. This includes applying patches or updates provided by the vendor, implementing compensating controls, and monitoring for suspicious activity.

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the vulnerability.
  • Implement compensating controls such as web application firewalls (WAFs) to detect and prevent XSS attacks.
  • Monitor for suspicious activity and implement logging and exception tracking to detect potential exploitation attempts.
  • Review and update Grav configurations to prevent potential attacks.
  • Conduct regular security audits and vulnerability assessments to identify potential vulnerabilities.
  • Implement asset inventory and tracking to ensure that all Grav installations are accounted for and up-to-date.
  • Consider implementing rollback/change windows to ensure that changes to Grav installations are properly tested and validated.

Evidence notes

The CVE record and NVD entry provide details on the vulnerability. However, further information from the vendor and additional sources may be necessary to fully understand the vulnerability and its impact. The vulnerability is considered to be of medium priority, and users of Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 should apply patches or mitigations to prevent exploitation. The CVSS score is 5.1, indicating a medium severity level.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T17:16:28.093Z and has not been modified since then.