CVE-2026-62234

Grav · grav

Grav contains a Server-Side Request Forgery vulnerability that allows authenticated attackers to perform unauthorized requests by exploiting unrestricted curl protocols.

Executive summary

A Server-Side Request Forgery vulnerability in Grav allows authenticated attackers to potentially compromise backend resources and internal network services.

Vulnerability

This is a Server-Side Request Forgery (SSRF) vulnerability (CWE-918) stemming from the use of unrestricted curl protocols. The vulnerability requires the attacker to be authenticated to the application to trigger the malicious request.

Business impact

An SSRF vulnerability can be leveraged to bypass network segmentation, allowing an attacker to probe internal services, access sensitive cloud metadata, or interact with databases that are not exposed to the public internet. With a CVSS score of 8.1, this represents a significant risk of internal reconnaissance and potential lateral movement within the network.

Remediation

Immediate Action: Update Grav to version 2.0.4 or later to implement necessary restrictions on curl protocols.

Proactive Monitoring: Review web server and application logs for outgoing requests to unexpected or internal IP addresses initiated by the application service.

Compensating Controls: Implement strict egress filtering on the host running the Grav application to prevent the server from initiating unauthorized connections to internal network segments.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The risk posed by SSRF vulnerabilities is high because they often serve as a gateway to deeper network penetration. Organizations should verify their current version of Grav and apply the patch immediately to prevent attackers from utilizing the application as a proxy for internal network exploitation.