CVE-2026-42843 | getgrav grav-plugin-api up to 1.0.0-beta.14 UsersController::update authorization (GHSA-r945-h4vm-h736)

A vulnerability described as critical has been identified in getgrav grav-plugin-api up to 1.0.0-beta.14. Affected is the function UsersController::update. The manipulation results in incorrect authorization.

This vulnerability is cataloged as CVE-2026-42843. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More