CVE-2026-61454
Received Received - Intake

Grav Admin2 Plugin Information Disclosure Vulnerability

Vulnerability report for CVE-2026-61454, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base path, runtime environment type, and exact Grav and Admin2 version numbers, allowing an unauthenticated attacker to fingerprint the deployment and select version-specific exploits without reconnaissance.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
getgrav grav_plugin_admin2 to 2.0.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The CVE-2026-61454 vulnerability involves the Grav CMS Admin2 plugin exposing sensitive internal configuration details through a global JavaScript variable called window.__GRAV_CONFIG__.

This variable is embedded in every unauthenticated response to the /grav/admin endpoint, including its subroutes and even 404 errors.

It discloses critical information such as the exact Grav version, Admin2 version, server URL, API prefix, and environment type.

This information disclosure allows an unauthenticated attacker to fingerprint the deployment and select version-specific exploits without needing to perform reconnaissance.

The vulnerability affects Grav Admin2 plugin versions before 2.0.4 and was patched in version 2.0.4.

Impact Analysis

This vulnerability can impact you by allowing unauthenticated attackers to gain detailed information about your Grav CMS deployment.

With access to exact version numbers, server URL, API prefix, and environment type, attackers can bypass reconnaissance and directly target known vulnerabilities specific to your versions.

This increases the risk of targeted exploits, potentially leading to further compromise of your system.

Detection Guidance

This vulnerability can be detected by inspecting the responses from the /grav/admin endpoint and its subroutes on your Grav CMS server. Specifically, you should look for the presence of the global JavaScript variable window.__GRAV_CONFIG__ in the HTML or JavaScript content of unauthenticated responses.

A simple way to check this is by using command-line tools like curl or wget to fetch the /grav/admin page and then searching for the variable in the response.

  • curl -s http://your-grav-site/grav/admin | grep '__GRAV_CONFIG__'
  • wget -qO- http://your-grav-site/grav/admin | grep '__GRAV_CONFIG__'

If the variable is present in the response without authentication, it indicates the vulnerability exists.

Mitigation Strategies

The immediate mitigation step is to upgrade the Grav Admin2 plugin to version 2.0.4 or later, where this vulnerability has been patched.

Until the upgrade can be applied, consider restricting access to the /grav/admin endpoint and its subroutes by implementing authentication or IP-based access controls to prevent unauthenticated users from accessing these pages.

Additionally, monitor your system for any suspicious activity that might indicate attempts to exploit this information disclosure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61454. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart