CVEReports
Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.
© 2026 CVEReports. All rights reserved.
CVE-2026-44738: Grav CMS Twig Sandbox Information Disclosure via Config::toArray()

Amit Schendel, Senior Security Researcher

May 13, 2026 · 6 min read

Executive Summary (TL;DR)

Authenticated Grav CMS users holding the admin.pages role (page-editing privileges) can place a Twig method call in page content that the Twig sandbox wrongly permits. Rendering the page dumps the complete merged site configuration, exposing every secret it holds, for example SMTP passwords, OAuth client secrets and cloud credentials stored by plugins.

Grav CMS, a flat-file content management system, ships a Twig sandbox that restricts what page editors can call from templates. In affected versions the sandbox allow-list included the toArray() method of the configuration object, so an authenticated user with the admin.pages role can invoke config.toArray() from page content and read the full configuration, including SMTP passwords, API tokens and cloud service credentials.

Vulnerability Overview

Grav CMS is a widely deployed flat-file CMS that renders content with the Twig templating engine. Because page content can contain Twig code, Grav wraps Twig in a sandbox (Twig's SandboxExtension driven by a SecurityPolicy allow-list) that restricts which tags, filters, functions, methods and properties a content editor may use, so that editing a page does not amount to executing arbitrary PHP or reading internal application state.

CVE-2026-44738 is a defect in that allow-list rather than in the sandbox engine itself. It lets authenticated users with the admin.pages role read configuration data the sandbox was meant to withhold. Because admin.pages is the role normally given to content contributors, the issue is reachable from lower-privileged accounts, and the secrets it exposes can extend the compromise well beyond the CMS.

The issue is classified as CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. By calling an over-permitted method, an attacker has the application render the complete merged site configuration into the HTML output of a page. That configuration typically contains the secrets the site and its plugins need to operate, such as mail, API and third-party service credentials.

Root Cause Analysis

The vulnerability lies in the Twig sandbox allow-list configured by the Grav core. The sandbox policy decides which methods may be invoked on objects passed into the Twig context. The Grav\Common\Config\Config object, which holds the entire merged configuration (system, site, plugin and theme settings), is exposed to templates as config so that theme authors can read individual, harmless settings.

However, the allow-list granted access to the Config object's toArray() method. Unlike get(), which returns a single keyed value, toArray() returns the whole configuration tree as a plain PHP array, public display settings and internal secrets alike. Nothing in the method distinguishes safe from sensitive keys, so permitting it is equivalent to permitting a full dump.

When a template calls this method, the sandbox finds it on the allow-list and raises no security exception, and the full configuration array is handed back to the template. Twig cannot print an array directly, so the attacker chains an allowed filter such as json_encode to serialize it into the page output. The failure is entirely in the permissions granted on the Config object; the sandbox mechanism itself worked as configured.

Exploitation Methodology

Exploiting CVE-2026-44738 requires an authenticated account on the target Grav instance holding the admin.pages role, which grants the ability to create or edit page content. The attacker logs into the Grav Admin panel and opens the page editor. Twig processing of page content must also be active for the target page: in Grav's stock configuration it is disabled (system.pages.process.twig is false) and is enabled per page through the page's process settings, which the same editor exposes.

The attacker places a Twig payload in the Markdown body of the page. Its core is the method call config.toArray(). Because Twig renders a bare array only as the string "Array", the call is chained with a filter that serializes it, for example {{ config.toArray()|json_encode }} or, using the print_r filter that Grav adds to Twig, {{ config.toArray()|print_r }}, so that the output is structured and easy to parse from the rendered page.

After saving the page, the attacker views its public URL or uses the administrative preview. Grav renders the Twig, the sandbox permits the allow-listed toArray() call, and the serialized configuration lands in the HTML response body, from which the attacker extracts the secrets.

Impact Assessment

The vulnerability is rated high severity with a CVSS v3.1 base score of 7.7; the changed scope reflects that the disclosed secrets belong to systems other than the CMS. Disclosure of the merged configuration can hand the attacker the credentials and tokens of every service the site integrates with, widening the impact from one web application to its mail, storage, identity and data back ends.

The dump includes core system settings such as the security salt Grav uses to derive form nonces and similar tokens, which an attacker can reuse to forge those tokens or to recover data protected with them. It also contains the configuration of every installed plugin, which is where most third-party credentials live.

Attackers can harvest cleartext SMTP credentials, AWS access key IDs and secret access keys, OAuth client secrets and administrative API tokens for external providers. If a data plugin connects the instance to an external database, the connection string and its credentials are exposed as well. With this material an attacker can escalate privileges, pivot into adjacent infrastructure or take over third-party service accounts.

Remediation and Mitigation Strategy

The vendor fixed the root cause in Grav 2.0.0-rc.2. The primary mitigation is to upgrade to that release or a later one. Administrators can confirm the running version in the Admin dashboard or from the command line with bin/gpm version.

The code change removes toArray() from the sandbox allow-list for the Config object. With the method denied, Twig throws Twig\Sandbox\SecurityNotAllowedMethodError as soon as a template tries to call it, so the payload fails instead of rendering the configuration. Allow-listing only narrow accessors such as get() is the intended shape of the policy.

// Conceptual representation of the required sandbox policy modification
// (illustrative PHP, not Grav's actual source)

$allowedMethods = [
    // Vulnerable state: toArray() was on the allow-list for the Config object
    // 'Grav\Common\Config\Config' => ['get', 'toArray', ...],
    // Patched state: only narrow accessors remain
    'Grav\Common\Config\Config' => ['get', ...],
];

// Twig's SecurityPolicy takes the allow-lists in this order:
// tags, filters, methods (per class), properties (per class), functions
$policy = new \Twig\Sandbox\SecurityPolicy(
    $allowedTags,
    $allowedFilters,
    $allowedMethods,
    $allowedProperties,
    $allowedFunctions
);

// With toArray() removed, {{ config.toArray() }} now throws
// Twig\Sandbox\SecurityNotAllowedMethodError instead of rendering the configuration.
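The stand-alone PHP script below is an added example, not Grav's code and not part of the advisory. It rebuilds the root cause and the fix described above using Twig's own SandboxExtension and SecurityPolicy with a stand-in FakeConfig class (hypothetical; it has only the get() and toArray() methods that matter here). It renders the payload from the exploitation section under an allow-list that includes toArray() and under one that does not, and confirms that get() keeps working under the fixed policy. It assumes twig/twig 3.x is installed through Composer; the configuration values are constructed placeholders, not real credentials.

```php
<?php
// Added example (not Grav's code): reproduce the CVE-2026-44738 allow-list defect
// with a stand-in Config class and Twig's real sandbox. Requires twig/twig 3.x.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical stand-in for Grav\Common\Config\Config: a dotted-path getter plus
// the whole-tree dump. The tree itself is a constructed sample.
final class FakeConfig
{
    private array $items = [
        'system'  => ['home' => ['alias' => '/home']],
        'plugins' => ['email' => ['mailer' => ['smtp' => [
            'user'     => 'mailer@example.test',
            'password' => 'EXAMPLE-SMTP-SECRET',   // placeholder, not a real secret
        ]]]],
    ];

    // Safe accessor: returns one value for a dotted path such as 'system.home.alias'.
    public function get(string $path, $default = null)
    {
        $node = $this->items;
        foreach (explode('.', $path) as $key) {
            if (!is_array($node) || !array_key_exists($key, $node)) {
                return $default;
            }
            $node = $node[$key];
        }
        return $node;
    }

    // The method the advisory is about: hands back the entire tree, secrets included.
    public function toArray(): array
    {
        return $this->items;
    }
}

// Render $template with the sandbox enabled for every template and the given
// per-class method allow-list. Returns the output, or the sandbox error text.
function renderWithPolicy(array $allowedMethods, string $template): string
{
    // autoescape is off so the JSON is printed verbatim (no &quot; in the dump).
    $twig = new Environment(new ArrayLoader(['page' => $template]), ['autoescape' => false]);
    $policy = new SecurityPolicy(
        ['if', 'for'],              // tags
        ['json_encode', 'escape'],  // filters
        $allowedMethods,            // methods, keyed by class
        [],                         // properties
        []                          // functions
    );
    $twig->addExtension(new SandboxExtension($policy, true));
    try {
        return $twig->render('page', ['config' => new FakeConfig()]);
    } catch (SecurityError $e) {
        return 'BLOCKED: ' . $e->getMessage();
    }
}

$payload = '{{ config.toArray()|json_encode }}';

// Vulnerable allow-list: toArray() permitted, so the full tree (with the SMTP
// password) is serialized into the page.
echo renderWithPolicy([FakeConfig::class => ['get', 'toArray']], $payload), PHP_EOL;

// Patched allow-list: only get() permitted. The same payload now raises
// Twig\Sandbox\SecurityNotAllowedMethodError (a SecurityError subclass).
echo renderWithPolicy([FakeConfig::class => ['get']], $payload), PHP_EOL;

// Legitimate theme usage keeps working under the patched policy.
echo renderWithPolicy([FakeConfig::class => ['get']], "{{ config.get('system.home.alias') }}"), PHP_EOL;
```

The second argument to SandboxExtension turns the sandbox on for every template, which is the mode that matters for untrusted page content; without it, only templates rendered inside a {% sandbox %} tag are checked. Note that allowing a method on a class allows it for every instance of that class and every subclass, so any object reachable from the template context must be reviewed against the same list.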

If patching cannot happen immediately, audit every account holding the admin.pages role and revoke it from accounts that are not fully trusted, since that role is the exploitation prerequisite. After patching, rotate every secret that was present in the configuration while the instance was vulnerable (system salt, SMTP and database passwords, API keys, OAuth client secrets, cloud credentials), and treat them as compromised if any untrusted account held the role during that window.
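As an added example (not from the advisory or the Grav project), the POSIX shell functions below cover the two checks the mitigation above calls for: confirming the installed version by reading the GRAV_VERSION constant from system/defines.php, and sweeping user/pages for Twig tags that call config.toArray(). The paths follow Grav's standard install layout (system/defines.php, user/pages/**/*.md); the fixture that demo() writes to a temporary directory is constructed for the run and is not real site content.

```sh
#!/bin/sh
# Added example, not part of the advisory or of Grav itself.
# Post-incident checks for CVE-2026-44738 against a Grav install rooted at ROOT.

# grav_version ROOT -> prints the GRAV_VERSION constant from system/defines.php
grav_version() {
    sed -nE "s/.*define\('GRAV_VERSION', *'([^']+)'\).*/\1/p" "$1/system/defines.php"
}

# scan_grav_pages ROOT -> prints file:line:content for every Twig tag ({{ }} or {% %})
# in a page source that calls toArray() on the config object. Exit status is grep's:
# 0 when at least one hit is found, 1 when the tree is clean.
scan_grav_pages() {
    grep -rnE --include='*.md' \
        '\{[{%][^}%]*config\.toArray[[:space:]]*\(' "$1/user/pages"
}

# count_toarray_hits ROOT -> number of matching lines (0 when clean)
count_toarray_hits() {
    scan_grav_pages "$1" | wc -l | tr -d ' '
}

# demo -> builds a constructed Grav-like tree in a temp dir, runs both checks,
# prints the findings and cleans up.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/system" "$root/user/pages/01.home" "$root/user/pages/02.about"
    # Constructed fixture: a pre-fix version string and two pages, one benign and
    # one carrying the advisory's payload with Twig processing enabled.
    printf '%s\n' '<?php' "define('GRAV_VERSION', '2.0.0-rc.1');" > "$root/system/defines.php"
    printf '%s\n' '---' 'title: Home' '---' \
        'Welcome to {{ config.get("site.title") }}' > "$root/user/pages/01.home/default.md"
    printf '%s\n' '---' 'title: About' 'process:' '  twig: true' '---' \
        '{{ config.toArray()|json_encode }}' > "$root/user/pages/02.about/default.md"

    echo "Grav version: $(grav_version "$root") (fixed in 2.0.0-rc.2)"
    echo "Pages calling config.toArray():"
    scan_grav_pages "$root" || echo "  none"
    [ -n "$root" ] && rm -rf "$root"
}

demo
```

Run the two check functions against the real install root (the directory containing system/ and user/), not the fixture. A hit is not proof of compromise on its own, but a page that an admin.pages user saved with this call, on a version below 2.0.0-rc.2, should be treated as a configuration disclosure and trigger the secret rotation described above.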

Official Patches

getgrav: Grav CMS 2.0.0-rc.2 Release Notes and Patch

Technical Appendix

CVSS Score: 7.7 / 10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Probability: 0.03% (score 0.00031; reported percentile: 91%)

Affected Systems

  • Grav CMS Core
  • Grav CMS Admin Plugin
  • Twig Templating Engine Integration

Affected Versions Detail

Product    Vendor    Affected Versions    Fixed Version
Grav CMS   getgrav   < 2.0.0-rc.2         2.0.0-rc.2

Attribute        Detail
CWE ID           CWE-200
Attack Vector    Network (Authenticated)
CVSS Score       7.7
EPSS Score       0.00031
Impact           Information Disclosure (High)
Exploit Status   Proof of Concept Available

MITRE ATT&CK Mapping

T1005    Data from Local System (Collection)
T1552    Unsecured Credentials (Credential Access)
CWE-200  Exposure of Sensitive Information to an Unauthorized Actor

Vulnerability Timeline

2026-05-11  Vulnerability disclosed and published by GitHub and NVD
2026-05-11  Security advisory GHSA-j274-39qw-32c9 published
2026-05-11  Fix released in Grav version 2.0.0-rc.2

References & Sources

  • [1] GitHub Security Advisory GHSA-j274-39qw-32c9
  • [2] NVD Record for CVE-2026-44738
  • [3] MITRE CVE Record for CVE-2026-44738
  • [4] Grav Version 2.0.0-rc.2 Release
