<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-31T12:23:19.085029+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b54ce0ac-a9ee-4d35-80ca-d8f138b489a4/export</id>
    <title>b54ce0ac-a9ee-4d35-80ca-d8f138b489a4</title>
    <updated>2026-05-31T12:23:19.440594+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "b54ce0ac-a9ee-4d35-80ca-d8f138b489a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44738", "type": "published-proof-of-concept", "source": "https://github.com/getgrav/grav/security/advisories/GHSA-j274-39qw-32c9", "content": "", "creation_timestamp": "2026-05-09T10:54:58.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b54ce0ac-a9ee-4d35-80ca-d8f138b489a4/export"/>
    <published>2026-05-09T10:54:58+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/485b4361-b8dd-4dce-9ec6-71318900a7f8/export</id>
    <title>485b4361-b8dd-4dce-9ec6-71318900a7f8</title>
    <updated>2026-05-31T12:23:19.440518+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "485b4361-b8dd-4dce-9ec6-71318900a7f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44738", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsbarcwj2g", "content": "\ud83d\udfe0 CVE-2026-44738 - High (7.7)\n\nGrav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any u...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44738/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T17:27:10.751603Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/485b4361-b8dd-4dce-9ec6-71318900a7f8/export"/>
    <published>2026-05-11T17:27:10.751603+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/07fd07b3-c1f7-479c-b277-ce2170912705/export</id>
    <title>07fd07b3-c1f7-479c-b277-ce2170912705</title>
    <updated>2026-05-31T12:23:19.440424+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "07fd07b3-c1f7-479c-b277-ce2170912705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44738", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mllsbarcwj2g", "content": "\ud83d\udfe0 CVE-2026-44738 - High (7.7)\n\nGrav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any u...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44738/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-11T17:27:10.752666Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/07fd07b3-c1f7-479c-b277-ce2170912705/export"/>
    <published>2026-05-11T17:27:10.752666+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a88f4f51-ce48-40a9-b435-ac2ca1534b0e/export</id>
    <title>a88f4f51-ce48-40a9-b435-ac2ca1534b0e</title>
    <updated>2026-05-31T12:23:19.438407+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a88f4f51-ce48-40a9-b435-ac2ca1534b0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44738", "type": "seen", "source": "https://gist.github.com/alon710/ef3efe37eacc8d375596cddc56ee3bfb", "content": "# CVE-2026-44738: CVE-2026-44738: Grav CMS Twig Sandbox Information Disclosure via Config::toArray()\n\n&amp;gt; **CVSS Score:** 7.7\n&amp;gt; **Published:** 2026-05-13\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-44738\n\n## Summary\nAn information disclosure vulnerability in the Grav CMS file-based Web platform allows authenticated users with the admin.pages role to bypass Twig sandbox restrictions. By invoking the config.toArray() method, attackers can expose complete system configurations, including highly sensitive SMTP passwords, API tokens, and cloud service credentials.\n\n## TL;DR\nAuthenticated Grav CMS users with page-editing privileges can inject a specific Twig template payload to bypass the security sandbox. This action dumps the entire site configuration, exposing critical secrets such as AWS keys and OAuth client secrets to the attacker.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-200\n- **Attack Vector**: Network (Authenticated)\n- **CVSS Score**: 7.7\n- **EPSS Score**: 0.00031\n- **Impact**: Information Disclosure (High)\n- **Exploit Status**: Proof of Concept Available\n\n## Affected Systems\n\n- Grav CMS Core\n- Grav CMS Admin Plugin\n- Twig Templating Engine Integration\n- **Grav CMS**: &amp;lt; 2.0.0-rc.2 (Fixed in: `2.0.0-rc.2`)\n\n## Mitigation\n\n- Upgrade Grav CMS to version 2.0.0-rc.2 or later to apply the official sandbox policy fix.\n- Audit user roles and remove the `admin.pages` role from unnecessary or unverified accounts.\n- Rotate all API keys, SMTP credentials, AWS tokens, and system security salts stored within the Grav configuration.\n\n**Remediation Steps:**\n1. Backup the current Grav CMS file system and user data.\n2. Execute the update procedure via the Grav CLI command `bin/gpm selfupgrade` or through the admin panel.\n3. Verify that the system is running at least version 2.0.0-rc.2.\n4. Identify all third-party credentials stored in the `user/config/` directory.\n5. Generate new credentials for all affected third-party services and update the Grav configuration.\n\n## References\n\n- [GitHub Security Advisory GHSA-j274-39qw-32c9](https://github.com/getgrav/grav/security/advisories/GHSA-j274-39qw-32c9)\n- [NVD Record for CVE-2026-44738](https://nvd.nist.gov/vuln/detail/CVE-2026-44738)\n- [MITRE CVE Record for CVE-2026-44738](https://www.cve.org/CVERecord?id=CVE-2026-44738)\n- [Grav Version 2.0.0-rc.2 Release](https://github.com/getgrav/grav/releases/tag/2.0.0-rc.2)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44738) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-13T15:40:29.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a88f4f51-ce48-40a9-b435-ac2ca1534b0e/export"/>
    <published>2026-05-13T15:40:29+00:00</published>
  </entry>
</feed>
