[CRITICAL] Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature

PKSA-st6r-p3js-kbk7 CVE-2026-42607 GHSA-w48r-jppp-rcfw

Affected package: getgrav/grav

Affected version: <2.0.0-beta.2

Reported by:
GitHub