CVE-2026-61873 - Grav before 9.1.8 Arbitrary File Write via Twig-Processed Filename
CVE ID :CVE-2026-61873 Published : July 15, 2026, 12:18 p.m. | 15 minutes ago Description :Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never...