Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-7317
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-28 Apr, 2026 | 20:30
Updated At-29 Apr, 2026 | 13:01
Rejected At-
▼CVE Numbering Authority (CNA)
Grav CMS Cache Value FileCache.php doGet deserialization

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 2.0.0-beta.2 addresses this issue. The patch is identified as c66dfeb5f. The affected component should be upgraded.

Affected Products
Vendor
Grav
Product
CMS
Modules
  • Cache Value Handler
Versions
Affected
  • 1.7.49.0
  • 1.7.49.1
  • 1.7.49.2
  • 1.7.49.3
  • 1.7.49.4
  • 1.7.49.5
  • 2.0.0-beta.0
  • 2.0.0-beta.1
Unaffected
  • 2.0.0-beta.2
Problem Types
TypeCWE IDDescription
CWECWE-502Deserialization
CWECWE-20Improper Input Validation
Type: CWE
CWE ID: CWE-502
Description: Deserialization
Type: CWE
CWE ID: CWE-20
Description: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.15.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.05.0MEDIUM
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.04.6N/A
AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 3.0
Base score: 5.0
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 2.0
Base score: 4.6
Base severity: N/A
Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
s4nnty (VulDB User)
Timeline
EventDate
Advisory disclosed2026-04-28 00:00:00
VulDB entry created2026-04-28 02:00:00
VulDB entry last update2026-04-28 15:18:04
Event: Advisory disclosed
Date: 2026-04-28 00:00:00
Event: VulDB entry created
Date: 2026-04-28 02:00:00
Event: VulDB entry last update
Date: 2026-04-28 15:18:04
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/vuln/359965
vdb-entry
technical-description
https://vuldb.com/vuln/359965/cti
signature
permissions-required
https://vuldb.com/submit/798732
third-party-advisory
https://github.com/devsamuelsantiago/grav-cms-filecache-object-injection
exploit
https://github.com/getgrav/grav/security/advisories/GHSA-gwfr-jfjf-92vv
related
https://github.com/getgrav/grav/commit/c66dfeb5f
patch
Hyperlink: https://vuldb.com/vuln/359965
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/359965/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/798732
Resource:
third-party-advisory
Hyperlink: https://github.com/devsamuelsantiago/grav-cms-filecache-object-injection
Resource:
exploit
Hyperlink: https://github.com/getgrav/grav/security/advisories/GHSA-gwfr-jfjf-92vv
Resource:
related
Hyperlink: https://github.com/getgrav/grav/commit/c66dfeb5f
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found