Grav Admin Panel Vulnerability Allows Account Takeover via Low-Privilege User

A critical business logic vulnerability, identified as CVE-2026-42609, exists in the Grav web platform’s Admin Panel. According to the National Vulnerability Database, this flaw, present in versions prior to 2.0.0-beta.2, allows a low-privileged user to overwrite existing accounts. Specifically, a user with only ‘user creation’ permissions can create a new user with an already existing username.

Instead of rejecting the duplicate username, the system incorrectly updates the existing account’s metadata and permissions. This fundamental design flaw can be exploited to overwrite even the primary administrator’s account, leading to a complete Denial of Service (DoS) for administrative functions and a severe Privilege De-escalation of the root account. The National Vulnerability Database assigned this a CVSS score of 8.1 (HIGH), underscoring the significant impact.

This is not a complex exploit; it relies on a basic business-logic failure. Attackers do not need advanced skills to pull it off. Defenders need to recognize that even ‘low-privileged’ access can be turned into full administrative control when core identity management logic is broken. The fix is available in Grav version 2.0.0-beta.2, which addresses the underlying issue.
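As an added illustration, not Grav's own code, the following Python model shows the class of flaw the advisory describes: a create-user path that silently upserts (so an existing account, the administrator's included, is overwritten) beside a hardened path that rejects an existing username case-insensitively and, as an extra least-privilege check assumed here rather than stated in the advisory, refuses to grant permissions the creator does not hold. All function, exception and permission names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    username: str
    permissions: set = field(default_factory=set)

class DuplicateUserError(Exception):
    """Raised when a create request names an account that already exists."""

class ForbiddenError(Exception):
    """Raised when the acting user is not allowed to perform the operation."""

def create_user_vulnerable(store, actor, username, permissions):
    # Flawed create path: the permission check passes for anyone holding
    # user.create, and the write is an upsert, so an existing account
    # (the administrator included) is silently replaced.
    if "user.create" not in actor.permissions:
        raise ForbiddenError("actor lacks user.create")
    store[username] = User(username, set(permissions))
    return store[username]

def create_user_hardened(store, actor, username, permissions):
    # Hardened create path: normalise the name so "Admin" and "admin" are the
    # same account, refuse to create over an existing record, and (an extra
    # least-privilege check assumed here) never let a creator hand out
    # permissions it does not hold itself.
    if "user.create" not in actor.permissions:
        raise ForbiddenError("actor lacks user.create")
    key = username.strip().lower()
    if key in store:
        raise DuplicateUserError(f"username already exists: {username!r}")
    if not set(permissions) <= actor.permissions:
        raise ForbiddenError("creator cannot grant permissions it lacks")
    store[key] = User(key, set(permissions))
    return store[key]

def admin_permissions_after(create):
    # Constructed scenario: an editor holding only user.create "creates" a
    # user named admin; returns the admin record's permissions afterwards.
    store = {"admin": User("admin", {"admin.super", "user.create"})}
    editor = User("editor", {"user.create"})
    try:
        create(store, editor, "admin", {"login"})
    except DuplicateUserError:
        pass
    return store["admin"].permissions
```

Run `admin_permissions_after(create_user_vulnerable)` and the administrator is left with only `login`; the hardened path leaves the original record untouched.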

What This Means For You

  • If your organization uses Grav, particularly older versions, this is a critical vulnerability. You must immediately verify your Grav version. If it's prior to 2.0.0-beta.2, patch to the latest version without delay. Audit your Grav Admin Panel logs for any suspicious user creation attempts or unexpected changes to administrator accounts, especially if you have delegated user creation permissions.

Indicators of Compromise

ID | Type | Indicator
CVE-2026-42609 | Privilege Escalation | Grav Admin Panel, versions prior to 2.0.0-beta.2
CVE-2026-42609 | Auth Bypass | Grav Admin Panel, user creation functionality allows overwriting existing accounts
CVE-2026-42609 | DoS | Grav Admin Panel, overwriting administrator account leads to DoS on administrative functions
Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: May 11, 2026 at 19:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

