The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base path, runtime environment type, and exact Grav and Admin2 version numbers, allowing an unauthenticated attacker to fingerprint the deployment and select version-specific exploits without reconnaissance.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 11 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base path, runtime environment type, and exact Grav and Admin2 version numbers, allowing an unauthenticated attacker to fingerprint the deployment and select version-specific exploits without reconnaissance. | |
| Title | Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__ | |
| First Time appeared |
Getgrav
Getgrav grav |
|
| Weaknesses | CWE-200 | |
| CPEs | cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Getgrav
Getgrav grav |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-11T13:01:06.507Z
Reserved: 2026-07-09T14:06:14.017Z
Link: CVE-2026-61454
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-11T14:45:04Z
Weaknesses