GHSA-3446-6MGW-F79P

GHSA-3446-6MGW-F79P is a medium-severity XML external entity injection (XXE) vulnerability in getgrav/grav (composer), affecting versions < 2.0.0-beta.2. It is fixed in 2.0.0-beta.2.

Summary

Dear Grav Security Team,

A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity (XXE) injection.

Vulnerability Summary

Field Details
Vulnerability Type XML External Entity (XXE) Injection
Severity High (CVSS 7.5)
Affected Versions Grav CMS <= 1.7.x
Affected Component SVG file upload/processing
CWE CWE-611: Improper Restriction of XML External Entity Reference
Authentication Required Yes (Admin panel access)

Technical Details

Root Cause
The application uses simplexml_load_string() to process uploaded SVG files without disabling external entity loading. This allows attackers to inject XXE payloads that are processed by the XML parser.

Vulnerable Code Pattern

// Current (Vulnerable):
$svg = simplexml_load_string($content);

// No LIBXML_NOENT flag or entity loader protection

Attack Vector

  1. Attacker authenticates to Grav admin panel
  2. Uploads malicious SVG file via Pages → Media or File Manager plugin
  3. Server parses SVG and processes XXE entities
  4. Arbitrary file contents are exfiltrated

Proof of Concept

Malicious SVG Payload

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <text x="10" y="50">&xxe;</text>
</svg>

Steps to Reproduce

  1. Login to Grav CMS admin panel
  2. Navigate to Pages → select any page → Media tab
  3. Upload the malicious SVG file
  4. Observe file contents in response/error or stored output

Request

  1. Please acknowledge receipt of this report within 5 business days
  2. Please provide an estimated timeline for a security patch
  3. I am happy to assist with testing the fix
  4. I request a CVE be assigned for this vulnerability
  5. If you have a security advisory process, please include me in the credits

Turki Almatrafi.

Maintainer note, fix applied (2026-04-24)

Fixed across two repos:

  1. Grav core on the 2.0 branch (commit 5a12f9be8, ships in 2.0.0-beta.2), VectorImageMedium::__construct (the code path that reads width/height from an uploaded SVG) now strips <!DOCTYPE> and <!ENTITY> declarations before parsing, and calls simplexml_load_string with LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING. On PHP < 8 it also calls libxml_disable_entity_loader(true) for the duration of the parse.

  2. rhukster/dom-sanitizer (commit 02d08ec), the library Grav ships as its SVG sanitizer. loadDocument now applies the same DOCTYPE/ENTITY strip and passes LIBXML_NONET to loadXML/loadHTML.

With both layers in place, the PoC:

<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <text x="10" y="50">&xxe;</text>
</svg>

no longer expands &xxe;, and the parser cannot make outbound filesystem or network requests for external entities/DTDs. Billion-laughs-style entity expansion is also neutralized because the declarations are stripped before libxml ever sees them.

Files:

Impact

An authenticated attacker can:

  1. Read sensitive files:

    • /etc/passwd - System user information
    • user/accounts/*.yaml - Admin credentials and 2FA secrets
    • user/config/system.yaml - System configuration
    • .env files - Environment secrets and API keys
  2. Perform SSRF - Access internal services via external entity URLs

  3. Potential DoS - Billion laughs attack via recursive entity expansion

An XML parser processes external entity references in untrusted input, causing the server to fetch internal resources or remote URLs. Typical impact: local file disclosure, server-side request forgery, or denial of service.

GHSA-3446-6MGW-F79P has a CVSS score of 6.5 (Medium). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.0.0-beta.2); upgrading removes the vulnerable code path.

Affected versions

getgrav/grav (< 2.0.0-beta.2)

Security releases

getgrav/grav → 2.0.0-beta.2 (composer)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.

See it in your environment

Remediation advice

Option 1: Add XXE Protection Flags

libxml_use_internal_errors(true);
$svg = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NOENT | LIBXML_DTDLOAD);

Option 2: Use SVG Sanitizer Library (Recommended)

use enshrined\svgSanitize\Sanitizer;

$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$cleanSVG = $sanitizer->sanitize($content);

The enshrined/svg-sanitize library properly strips XXE payloads and other malicious SVG content.

Frequently Asked Questions

  1. What is GHSA-3446-6MGW-F79P? GHSA-3446-6MGW-F79P is a medium-severity XML external entity injection (XXE) vulnerability in getgrav/grav (composer), affecting versions < 2.0.0-beta.2. It is fixed in 2.0.0-beta.2. An XML parser processes external entity references in untrusted input, causing the server to fetch internal resources or remote URLs.
  2. How severe is GHSA-3446-6MGW-F79P? GHSA-3446-6MGW-F79P has a CVSS score of 6.5 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of getgrav/grav are affected by GHSA-3446-6MGW-F79P? getgrav/grav (composer) versions < 2.0.0-beta.2 is affected.
  4. Is there a fix for GHSA-3446-6MGW-F79P? Yes. GHSA-3446-6MGW-F79P is fixed in 2.0.0-beta.2. Upgrade to this version or later.
  5. Is GHSA-3446-6MGW-F79P exploitable, and should I be worried? Whether GHSA-3446-6MGW-F79P is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
  6. What actually determines whether GHSA-3446-6MGW-F79P is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix GHSA-3446-6MGW-F79P? Upgrade getgrav/grav to 2.0.0-beta.2 or later.

Other vulnerabilities in getgrav/grav

CVE-2026-55890CVE-2026-55885CVE-2026-44738CVE-2026-44737CVE-2026-42844

Stop the waste.
Protect your environment with Kodem.