216.73.217.98

CVE-2026-61455

· Published 10/07/2026 17:16 · Author: The MITRE Corporation

Labels: CVE-2026-61455

Essential information

Published
10/07/2026 17:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.5 MEDIUM (v3.1) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CWE-409
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage resources.

NVD status

NVD
View on NVD