Summary
Dear Grav Security Team,
A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity (XXE) injection.
Vulnerability Summary
| Field | Details |
|---|---|
| Vulnerability Type | XML External Entity (XXE) Injection |
| Severity | High (CVSS 7.5) |
| Affected Versions | Grav CMS <= 1.7.x |
| Affected Component | SVG file upload/processing |
| CWE | CWE-611: Improper Restriction of XML External Entity Reference |
| Authentication Required | Yes (Admin panel access) |
Technical Details
Root Cause
The application uses simplexml_load_string() to process uploaded SVG files without disabling external entity loading. This allows attackers to inject XXE payloads that are processed by the XML parser.
Vulnerable Code Pattern
// Current (Vulnerable):
$svg = simplexml_load_string($content);
// No LIBXML_NOENT flag or entity loader protection
Attack Vector
- Attacker authenticates to Grav admin panel
- Uploads malicious SVG file via Pages → Media or File Manager plugin
- Server parses SVG and processes XXE entities
- Arbitrary file contents are exfiltrated
Proof of Concept
Malicious SVG Payload
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg [
<!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
<text x="10" y="50">&xxe;</text>
</svg>
Steps to Reproduce
- Login to Grav CMS admin panel
- Navigate to Pages → select any page → Media tab
- Upload the malicious SVG file
- Observe file contents in response/error or stored output
Request
- Please acknowledge receipt of this report within 5 business days
- Please provide an estimated timeline for a security patch
- I am happy to assist with testing the fix
- I request a CVE be assigned for this vulnerability
- If you have a security advisory process, please include me in the credits
Turki Almatrafi.
Maintainer note, fix applied (2026-04-24)
Fixed across two repos:
Grav core on the
2.0branch (commit5a12f9be8, ships in 2.0.0-beta.2),VectorImageMedium::__construct(the code path that reads width/height from an uploaded SVG) now strips<!DOCTYPE>and<!ENTITY>declarations before parsing, and callssimplexml_load_stringwithLIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING. On PHP < 8 it also callslibxml_disable_entity_loader(true)for the duration of the parse.rhukster/dom-sanitizer (commit
02d08ec), the library Grav ships as its SVG sanitizer.loadDocumentnow applies the same DOCTYPE/ENTITY strip and passesLIBXML_NONETtoloadXML/loadHTML.
With both layers in place, the PoC:
<!DOCTYPE svg [
<!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
<text x="10" y="50">&xxe;</text>
</svg>
no longer expands &xxe;, and the parser cannot make outbound filesystem or network requests for external entities/DTDs. Billion-laughs-style entity expansion is also neutralized because the declarations are stripped before libxml ever sees them.
Files:
system/src/Grav/Common/Page/Medium/VectorImageMedium.php.tests/unit/Grav/Common/Security/SvgXxeSecurityTest.php, XXE neutralization + billion-laughs + plain-SVG regression.- dom-sanitizer:
src/DOMSanitizer.php+ two new XXE tests in its own suite.
Impact
An authenticated attacker can:
Read sensitive files:
/etc/passwd- System user informationuser/accounts/*.yaml- Admin credentials and 2FA secretsuser/config/system.yaml- System configuration.envfiles - Environment secrets and API keys
Perform SSRF - Access internal services via external entity URLs
Potential DoS - Billion laughs attack via recursive entity expansion
An XML parser processes external entity references in untrusted input, causing the server to fetch internal resources or remote URLs. Typical impact: local file disclosure, server-side request forgery, or denial of service.
GHSA-3446-6MGW-F79P has a CVSS score of 6.5 (Medium). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.0.0-beta.2); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Option 1: Add XXE Protection Flags
libxml_use_internal_errors(true);
$svg = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NOENT | LIBXML_DTDLOAD);
Option 2: Use SVG Sanitizer Library (Recommended)
use enshrined\svgSanitize\Sanitizer;
$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$cleanSVG = $sanitizer->sanitize($content);
The enshrined/svg-sanitize library properly strips XXE payloads and other malicious SVG content.
Frequently Asked Questions
- What is GHSA-3446-6MGW-F79P? GHSA-3446-6MGW-F79P is a medium-severity XML external entity injection (XXE) vulnerability in getgrav/grav (composer), affecting versions < 2.0.0-beta.2. It is fixed in 2.0.0-beta.2. An XML parser processes external entity references in untrusted input, causing the server to fetch internal resources or remote URLs.
- How severe is GHSA-3446-6MGW-F79P? GHSA-3446-6MGW-F79P has a CVSS score of 6.5 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of getgrav/grav are affected by GHSA-3446-6MGW-F79P? getgrav/grav (composer) versions < 2.0.0-beta.2 is affected.
- Is there a fix for GHSA-3446-6MGW-F79P? Yes. GHSA-3446-6MGW-F79P is fixed in 2.0.0-beta.2. Upgrade to this version or later.
- Is GHSA-3446-6MGW-F79P exploitable, and should I be worried? Whether GHSA-3446-6MGW-F79P is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether GHSA-3446-6MGW-F79P is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-3446-6MGW-F79P? Upgrade
getgrav/gravto 2.0.0-beta.2 or later.