CVE-2026-61454 - Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__
CVE ID :CVE-2026-61454 Published : July 11, 2026, 2:16 p.m. | 16 minutes ago Description :The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This...