CVE-2026-56700
Grav CMS Unsafe Deserialization and Command Injection Vulnerabilities.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Grav CMS has critical code-execution vulnerabilities due to unsafe deserialization and command injection flaws, allowing attackers to run arbitrary code. These issues can be triggered through crafted input or during plugin/theme installation, potentially compromising the server.