PatchSiren

Grav CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Grav CVE published 2026-06-18

CVE-2026-11982

CVE-2026-11982 is a stored cross-site scripting (XSS) vulnerability in Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14, affecting the Admin2 Pages API save flow. The CVE record was published on 2026-06-18T17:16:28.093Z and was last modified on 2026-06-22T17:56:35.757Z. This vulnerability allows for stored cross-site scripting (XSS) attacks, which could potentially allow an attacker to inject malicious scripts int [truncated]