Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-59193

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-10 Jul, 2026 | 16:35
Updated At-10 Jul, 2026 | 19:04
Rejected At-
Credits

Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:10 Jul, 2026 | 16:35
Updated At:10 Jul, 2026 | 19:04
Rejected At:
▼CVE Numbering Authority (CNA)
Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0.

Affected Products
Vendor
getgrav
Product
grav
Versions
Affected
  • >= 1.0.0, < 2.0.0
Problem Types
TypeCWE IDDescription
CWECWE-409CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
Type: CWE
CWE ID: CWE-409
Description: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9
x_refsource_CONFIRM
https://github.com/getgrav/grav/commit/23d6f2adf4ce11889c088ac8557c8314baeef781
x_refsource_MISC
https://github.com/getgrav/grav/releases/tag/2.0.0
x_refsource_MISC
Hyperlink: https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/getgrav/grav/commit/23d6f2adf4ce11889c088ac8557c8314baeef781
Resource:
x_refsource_MISC
Hyperlink: https://github.com/getgrav/grav/releases/tag/2.0.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9
exploit
Hyperlink: https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:10 Jul, 2026 | 17:17
Updated At:10 Jul, 2026 | 20:16

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

getgrav
getgrav
>>grav>>Versions from 1.0.0(inclusive) to 2.0.0(exclusive)
cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
getgrav
getgrav
>>grav>>2.0.0
cpe:2.3:a:getgrav:grav:2.0.0:beta1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-409Secondarysecurity-advisories@github.com
CWE ID: CWE-409
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/getgrav/grav/commit/23d6f2adf4ce11889c088ac8557c8314baeef781security-advisories@github.com
Patch
https://github.com/getgrav/grav/releases/tag/2.0.0security-advisories@github.com
Product
https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9security-advisories@github.com
Exploit
Vendor Advisory
https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/getgrav/grav/commit/23d6f2adf4ce11889c088ac8557c8314baeef781
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/getgrav/grav/releases/tag/2.0.0
Source: security-advisories@github.com
Resource:
Product
Hyperlink: https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/getgrav/grav/security/advisories/GHSA-2vcx-h8p2-9pg9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

6Records found

CVE-2025-66303
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.34% / 26.04%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 21:35
Updated-03 Dec, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav is vulnerable to a DOS on the admin panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduled_at parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduled_at parameter with a malicious input, such as a single quote, the application admin panel becomes non-functional, causing significant disruptions to administrative operations. The only way to recover from this issue is to manually access the host server and modify the backup.yaml file to correct the corrupted cron expression. This vulnerability is fixed in 1.8.0-beta.27.

Action-Not Available
Vendor-getgravgetgrav
Product-gravgrav
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-66305
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 25.94%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 21:43
Updated-03 Dec, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted—such as a single forward slash (/) or an XSS test string—it causes a fatal regular expression parsing error on the server. This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in an error. Once triggered, the site becomes completely unavailable to all users. This vulnerability is fixed in 1.8.0-beta.27.

Action-Not Available
Vendor-getgravgetgrav
Product-gravgrav
CWE ID-CWE-248
Uncaught Exception
CVE-2026-61455
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 13:58
Updated-10 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav before 2.0.1 Decompression Bomb via ZipArchiver

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources.

Action-Not Available
Vendor-getgrav
Product-grav
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2026-61449
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.25% / 15.95%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 11:25
Updated-15 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header (ZipArchive::statIndex()['size']) and rejects archives exceeding system.gpm.archive.max_uncompressed_size before extraction. Because this declared size is attacker-forgeable and is not cross-checked against the actual inflated stream, a crafted archive declaring tiny per-entry sizes passes the cap while extractTo() writes the real, much larger content, filling disk or exhausting inodes. The archive must be supplied by a package source or admin upload (admin/operator trust). Fixed in 2.0.2. This is an incomplete fix for GHSA-928x-9mpw-8h56.

Action-Not Available
Vendor-getgrav
Product-grav
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2026-42886
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.26% / 17.11%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 19:54
Updated-12 May, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audiobookshelf: Memory amplification DoS via oversized compressed details entry in backup upload

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData(), with no limit on the decompressed size. The upload middleware also has no file size limit. An admin user can upload a crafted ZIP containing a highly compressed details entry that, when decompressed, consumes hundreds of megabytes or gigabytes of memory, crashing the server process via out-of-memory. This vulnerability is fixed in 2.32.2.

Action-Not Available
Vendor-advplyr
Product-audiobookshelf
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2024-54682
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.47%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 08:03
Updated-30 Sep, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zipbomb DoS via Missing Slack Import Validation

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
Details not found