1 vulnerability across 1 product scored HIGH or above on July 17, 2026.

  • 🟠 HIGH: 1

Exploit Status Upgrades

The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:

  • [UPGRADED] CVE-2026-57219 (rabbitmq/rabbitmq_server) β€” F1: theoretical β†’ itw, AAS: 10.9 β†’ 13.7 (HIGH β†’ CRITICAL). Originally in 2026-07-10 bulletin.
  • [UPGRADED] CVE-2026-55884 (tilt-dev/tilt) β€” F1: exploitable β†’ itw, AAS: 10.3 β†’ 13.0 (HIGH β†’ CRITICAL). Originally in 2026-07-10 bulletin.
  • [UPGRADED] CVE-2026-55879 (openreplay/openreplay) β€” F1: exploitable β†’ itw, AAS: 10.3 β†’ 13.3 (HIGH β†’ CRITICAL). Originally in 2026-07-10 bulletin.

🟠 [HIGH] getgrav/grav

1 CVE | CVSS 4.0: 9.1 | AAS 9.3

  • cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:* (< 2.0.4)

Grav CMS by getgrav is affected by 1 high-severity vulnerability (CVE-2026-62232, CVSS 9.1) involving a two-factor authentication bypass in the login plugin. An attacker who already possesses a victim’s password can exploit the regenerate2FASecret task to overwrite the existing 2FA secret without authorization or CSRF validation, effectively reducing two-factor authentication to password-only protection and gaining full account access. Organizations running Grav versions prior to 2.0.4 should prioritize upgrading immediately, as the vulnerability is considered exploitable; administrators should also review authentication logs for anomalous 2FA regeneration activity and consult the vendor advisory at the link above for additional remediation guidance.

Vendor Advisory