CVE-2026-42845

Summary

Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override

Severity

high

EPSS

0.6% (p45)

Also known as

GHSA-w4rc-p66m-x6qq

Published

2026-05-06

References

• https://github.com/getgrav/grav/security/advisories/GHSA-w4rc-p66m-x6qq
• https://nvd.nist.gov/vuln/detail/CVE-2026-42845
• https://github.com/getgrav/grav-plugin-form/commit/48bacc4187e1cff815000e526d5ca2878484867f

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity