1 vulnerability across 1 product scored HIGH or above on July 17, 2026.
- π HIGH: 1
Exploit Status Upgrades
The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:
- [UPGRADED] CVE-2026-57219 (rabbitmq/rabbitmq_server) β F1: theoretical β itw, AAS: 10.9 β 13.7 (HIGH β CRITICAL). Originally in 2026-07-10 bulletin.
- [UPGRADED] CVE-2026-55884 (tilt-dev/tilt) β F1: exploitable β itw, AAS: 10.3 β 13.0 (HIGH β CRITICAL). Originally in 2026-07-10 bulletin.
- [UPGRADED] CVE-2026-55879 (openreplay/openreplay) β F1: exploitable β itw, AAS: 10.3 β 13.3 (HIGH β CRITICAL). Originally in 2026-07-10 bulletin.
π [HIGH] getgrav/grav
1 CVE | CVSS 4.0: 9.1 | AAS 9.3
cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*(< 2.0.4)
Grav CMS by getgrav is affected by 1 high-severity vulnerability (CVE-2026-62232, CVSS 9.1) involving a two-factor authentication bypass in the login plugin. An attacker who already possesses a victim’s password can exploit the regenerate2FASecret task to overwrite the existing 2FA secret without authorization or CSRF validation, effectively reducing two-factor authentication to password-only protection and gaining full account access. Organizations running Grav versions prior to 2.0.4 should prioritize upgrading immediately, as the vulnerability is considered exploitable; administrators should also review authentication logs for anomalous 2FA regeneration activity and consult the vendor advisory at the link above for additional remediation guidance.
- π CVE-2026-62232 (CVSS 4.0: 9.1)