CVE-2026-7317
Received Received - Intake
Remote Deserialization Vulnerability in Grav CMS Cache Component

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 2.0.0-beta.2 addresses this issue. The patch is identified as c66dfeb5f. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7317
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
grav cms to 1.7.49.5 (inc)
grav cms to 2.0.0-beta.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Grav CMS versions up to 1.7.49.5 and 2.0.0-beta.1, specifically in the FileCache::doGet function of the Cache Value Handler component. It involves manipulation that results in deserialization, which can be exploited remotely. The attack is complex and difficult to execute, but the exploit has been made public.

Upgrading to version 2.0.0-beta.2 fixes this issue.

Impact Analysis

Exploitation of this vulnerability could allow an attacker to perform unauthorized deserialization, potentially leading to limited confidentiality, integrity, and availability impacts on the affected system.

  • Confidentiality: Low impact
  • Integrity: Low impact
  • Availability: Low impact

However, the attack requires a high level of complexity and is difficult to exploit.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the affected Grav CMS component to version 2.0.0-beta.2 or later, as this version addresses the issue.

The vulnerability affects the FileCache::doGet function in the Cache Value Handler component, and upgrading will apply the patch identified as c66dfeb5f.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart