GHSA-3446-6MGW-F79P

Vulnerability from github – Published: 2026-05-05 21:35 – Updated: 2026-05-05 21:35
VLAI
Summary
Grav is Vulnerable to XXE via SVG Upload
Details

Dear Grav Security Team,

A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity (XXE) injection.

Vulnerability Summary

Field Details
Vulnerability Type XML External Entity (XXE) Injection
Severity High (CVSS 7.5)
Affected Versions Grav CMS <= 1.7.x
Affected Component SVG file upload/processing
CWE CWE-611: Improper Restriction of XML External Entity Reference
Authentication Required Yes (Admin panel access)

Technical Details

Root Cause The application uses simplexml_load_string() to process uploaded SVG files without disabling external entity loading. This allows attackers to inject XXE payloads that are processed by the XML parser.

Vulnerable Code Pattern

// Current (Vulnerable):
$svg = simplexml_load_string($content);

// No LIBXML_NOENT flag or entity loader protection

Attack Vector 1. Attacker authenticates to Grav admin panel 2. Uploads malicious SVG file via Pages → Media or File Manager plugin 3. Server parses SVG and processes XXE entities 4. Arbitrary file contents are exfiltrated

Impact

An authenticated attacker can:

  1. Read sensitive files:
  2. /etc/passwd - System user information
  3. user/accounts/*.yaml - Admin credentials and 2FA secrets
  4. user/config/system.yaml - System configuration

  5. .env files - Environment secrets and API keys

  6. Perform SSRF - Access internal services via external entity URLs

  7. Potential DoS - Billion laughs attack via recursive entity expansion

Proof of Concept

Malicious SVG Payload

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <text x="10" y="50">&xxe;</text>
</svg>

Steps to Reproduce 1. Login to Grav CMS admin panel 2. Navigate to Pages → select any page → Media tab 3. Upload the malicious SVG file 4. Observe file contents in response/error or stored output

Recommended Fix

Option 1: Add XXE Protection Flags

libxml_use_internal_errors(true);
$svg = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NOENT | LIBXML_DTDLOAD);

Option 2: Use SVG Sanitizer Library (Recommended)

use enshrined\svgSanitize\Sanitizer;

$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$cleanSVG = $sanitizer->sanitize($content);

The enshrined/svg-sanitize library properly strips XXE payloads and other malicious SVG content.

Request

  1. Please acknowledge receipt of this report within 5 business days
  2. Please provide an estimated timeline for a security patch
  3. I am happy to assist with testing the fix
  4. I request a CVE be assigned for this vulnerability
  5. If you have a security advisory process, please include me in the credits

Turki Almatrafi.

Maintainer note — fix applied (2026-04-24)

Fixed across two repos:

  1. Grav core on the 2.0 branch (commit 5a12f9be8, ships in 2.0.0-beta.2) — VectorImageMedium::__construct (the code path that reads width/height from an uploaded SVG) now strips <!DOCTYPE> and <!ENTITY> declarations before parsing, and calls simplexml_load_string with LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING. On PHP < 8 it also calls libxml_disable_entity_loader(true) for the duration of the parse.

  2. rhukster/dom-sanitizer (commit 02d08ec) — the library Grav ships as its SVG sanitizer. loadDocument now applies the same DOCTYPE/ENTITY strip and passes LIBXML_NONET to loadXML/loadHTML.

With both layers in place, the PoC:

<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <text x="10" y="50">&xxe;</text>
</svg>

no longer expands &xxe;, and the parser cannot make outbound filesystem or network requests for external entities/DTDs. Billion-laughs-style entity expansion is also neutralized because the declarations are stripped before libxml ever sees them.

Files: - system/src/Grav/Common/Page/Medium/VectorImageMedium.php. - tests/unit/Grav/Common/Security/SvgXxeSecurityTest.php — XXE neutralization + billion-laughs + plain-SVG regression. - dom-sanitizer: src/DOMSanitizer.php + two new XXE tests in its own suite.

Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0-beta.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T21:35:53Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Dear Grav Security Team,\n\nA security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity (XXE) injection.\n\n Vulnerability Summary\n\n| Field | Details |\n|-------|---------|\n| Vulnerability Type | XML External Entity (XXE) Injection |\n| Severity | High (CVSS 7.5) |\n| Affected Versions | Grav CMS \u003c= 1.7.x |\n| Affected Component | SVG file upload/processing |\n| CWE | CWE-611: Improper Restriction of XML External Entity Reference |\n| Authentication Required | Yes (Admin panel access) |\n\nTechnical Details\n\n Root Cause\nThe application uses `simplexml_load_string()` to process uploaded SVG files without disabling external entity loading. This allows attackers to inject XXE payloads that are processed by the XML parser.\n\n Vulnerable Code Pattern\n```php\n// Current (Vulnerable):\n$svg = simplexml_load_string($content);\n\n// No LIBXML_NOENT flag or entity loader protection\n```\n\n Attack Vector\n1. Attacker authenticates to Grav admin panel\n2. Uploads malicious SVG file via Pages \u2192 Media or File Manager plugin\n3. Server parses SVG and processes XXE entities\n4. Arbitrary file contents are exfiltrated\n\n Impact\n\nAn authenticated attacker can:\n\n1. Read sensitive files:\n   - `/etc/passwd` - System user information\n   - `user/accounts/*.yaml` - Admin credentials and 2FA secrets\n   - `user/config/system.yaml` - System configuration\n   - `.env` files - Environment secrets and API keys\n\n2. Perform SSRF - Access internal services via external entity URLs\n\n3. Potential DoS - Billion laughs attack via recursive entity expansion\n\nProof of Concept\n\n Malicious SVG Payload\n```xml\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE svg [\n  \u003c!ENTITY xxe SYSTEM \"file:///etc/passwd\"\u003e\n]\u003e\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" width=\"100\" height=\"100\"\u003e\n  \u003ctext x=\"10\" y=\"50\"\u003e\u0026xxe;\u003c/text\u003e\n\u003c/svg\u003e\n```\n\n Steps to Reproduce\n1. Login to Grav CMS admin panel\n2. Navigate to Pages \u2192 select any page \u2192 Media tab\n3. Upload the malicious SVG file\n4. Observe file contents in response/error or stored output\n\n Recommended Fix\n\n Option 1: Add XXE Protection Flags\n```php\nlibxml_use_internal_errors(true);\n$svg = simplexml_load_string($content, \u0027SimpleXMLElement\u0027, LIBXML_NOENT | LIBXML_DTDLOAD);\n```\n\n Option 2: Use SVG Sanitizer Library (Recommended)\n```php\nuse enshrined\\svgSanitize\\Sanitizer;\n\n$sanitizer = new Sanitizer();\n$sanitizer-\u003eremoveRemoteReferences(true);\n$cleanSVG = $sanitizer-\u003esanitize($content);\n```\n\nThe `enshrined/svg-sanitize` library properly strips XXE payloads and other malicious SVG content.\n\n Request\n\n1. Please acknowledge receipt of this report within 5 business days\n2. Please provide an estimated timeline for a security patch\n3. I am happy to assist with testing the fix\n4. I request a CVE be assigned for this vulnerability\n5. If you have a security advisory process, please include me in the credits\n\nTurki Almatrafi.\n\n\n\n---\n\n## Maintainer note \u2014 fix applied (2026-04-24)\n\nFixed across two repos:\n\n1. **Grav core on the `2.0` branch** (commit [`5a12f9be8`](https://github.com/getgrav/grav/commit/5a12f9be8), ships in **2.0.0-beta.2**) \u2014 `VectorImageMedium::__construct` (the code path that reads width/height from an uploaded SVG) now strips `\u003c!DOCTYPE\u003e` and `\u003c!ENTITY\u003e` declarations before parsing, and calls `simplexml_load_string` with `LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING`. On PHP \u003c 8 it also calls `libxml_disable_entity_loader(true)` for the duration of the parse.\n\n2. **rhukster/dom-sanitizer** (commit [`02d08ec`](https://github.com/rhukster/dom-sanitizer/commit/02d08ec)) \u2014 the library Grav ships as its SVG sanitizer. `loadDocument` now applies the same DOCTYPE/ENTITY strip and passes `LIBXML_NONET` to `loadXML`/`loadHTML`.\n\nWith both layers in place, the PoC:\n\n```xml\n\u003c!DOCTYPE svg [\n  \u003c!ENTITY xxe SYSTEM \"file:///etc/passwd\"\u003e\n]\u003e\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" width=\"100\" height=\"100\"\u003e\n  \u003ctext x=\"10\" y=\"50\"\u003e\u0026xxe;\u003c/text\u003e\n\u003c/svg\u003e\n```\n\nno longer expands `\u0026xxe;`, and the parser cannot make outbound filesystem or network requests for external entities/DTDs. Billion-laughs-style entity expansion is also neutralized because the declarations are stripped before libxml ever sees them.\n\n**Files:**\n- [`system/src/Grav/Common/Page/Medium/VectorImageMedium.php`](https://github.com/getgrav/grav/blob/2.0/system/src/Grav/Common/Page/Medium/VectorImageMedium.php).\n- [`tests/unit/Grav/Common/Security/SvgXxeSecurityTest.php`](https://github.com/getgrav/grav/blob/2.0/tests/unit/Grav/Common/Security/SvgXxeSecurityTest.php) \u2014 XXE neutralization + billion-laughs + plain-SVG regression.\n- dom-sanitizer: [`src/DOMSanitizer.php`](https://github.com/rhukster/dom-sanitizer/blob/main/src/DOMSanitizer.php) + two new XXE tests in its own suite.",
  "id": "GHSA-3446-6mgw-f79p",
  "modified": "2026-05-05T21:35:53Z",
  "published": "2026-05-05T21:35:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-3446-6mgw-f79p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/5a12f9be8314682c8713e569e330f11805d0a663"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Grav is Vulnerable to XXE via SVG Upload "
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.