CVE-2026-44738

{"id": "CVE-2026-44738", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2026-05-11T17:16:34.747", "references": [{"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j274-39qw-32c9", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j274-39qw-32c9", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration \u2014 including all plugin secrets (SMTP passwords, AWS keys, OAuth client secrets, API tokens) \u2014 into the rendered HTML. No administrator privileges are required. This vulnerability is fixed in 2.0.0-rc.2."}], "lastModified": "2026-05-14T18:16:50.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064CDB77-36FA-4294-9397-0D6FC8E67F1F", "versionEndExcluding": "2.0.0"}, {"criteria": "cpe:2.3:a:getgrav:grav:2.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ABB323F-20AF-40F3-BCD9-262644D242A1"}, {"criteria": "cpe:2.3:a:getgrav:grav:2.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23F8F687-3238-4CC0-AAC0-8D73DD13EB57"}, {"criteria": "cpe:2.3:a:getgrav:grav:2.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D2DD669-63FD-44AF-ABA7-5998216D81B0"}, {"criteria": "cpe:2.3:a:getgrav:grav:2.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0439ACB4-C5F0-4C78-B62D-8A7CCCA95943"}, {"criteria": "cpe:2.3:a:getgrav:grav:2.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8DFF41E-3A2E-4975-8417-6157E923D749"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}