CVE-2026-61457 - Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass
CVE ID :CVE-2026-61457 Published : July 15, 2026, 12:18 p.m. | 16 minutes ago Description :The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension() inspects only the final file...