Security Advisories - getgrav/grav - Packagist.org

getgrav/grav Security Advisories for 2.0.0-rc.1 (1)

[HIGH] Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray()

PKSA-jw9z-qj9h-1drk CVE-2026-44738 GHSA-j274-39qw-32c9

Affected version: <=2.0.0-rc.1

Reported by:
GitHub