[HIGH] Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray()

PKSA-jw9z-qj9h-1drk CVE-2026-44738 GHSA-j274-39qw-32c9

Affected package: getgrav/grav

Affected version: <=2.0.0-rc.1

Reported by:
GitHub