CVE-2026-61455
EUVD-2026-4290410.07.2026, 15:16
Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| getgrav | grav | 𝑥 < 2.0.1 | CNA |
Common Weakness Enumeration