Skip to content
Verified reproduction

CVE-2026-56700: Grav CMS unsafe deserialization and command injection RCE

CVE-2026-56700 is verified against the affected target vulnerability class: RCE This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00233.

REPRO-2026-00233 RCE Variant found Jul 6, 2026 .txt
Severity CRITICAL
Confidence HIGH
Reproduced in 53m 20s
Tool calls 359
Spend $17.17
$ pruva-verify REPRO-2026-00233
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00233/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Unsafe unserialize() calls in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session deserialize untrusted data without restricting allowed classes, enabling PHP object injection. Additionally, a command injection path exists. Reproduce: deploy Grav CMS from a vulnerable version, craft a malicious serialized payload or cache/session file, and trigger processing through the affected component to obtain arbitrary command execution.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/vuln_variant/root_cause_equivalence.json0.7 KB
bundle/repro/reproduction_steps.sh20.5 KB
bundle/repro/rca_report.md6.5 KB
bundle/repro/validation_verdict.json0.9 KB
bundle/repro/runtime_manifest.json4.2 KB
bundle/repro/proof_vulnerable_1.txt0.0 KB
bundle/repro/proof_vulnerable_2.txt0.0 KB
bundle/logs/fixed_composer_1.log7.7 KB
bundle/logs/fixed_composer_2.log7.7 KB
bundle/logs/fixed_filecache_gap.log0.4 KB
bundle/logs/fixed_health_1_body.txt0.0 KB
bundle/logs/fixed_health_1_headers.txt0.5 KB
bundle/logs/fixed_health_2_body.txt0.0 KB
bundle/logs/fixed_health_2_headers.txt0.5 KB
bundle/logs/fixed_jobqueue_gap.log0.4 KB
bundle/logs/fixed_queue_files_after_1.txt0.1 KB
bundle/logs/fixed_queue_files_after_2.txt0.1 KB
bundle/logs/fixed_scheduler_1.log0.4 KB
bundle/logs/fixed_scheduler_2.log0.4 KB
bundle/logs/fixed_scheduler_health_1_body.json0.3 KB
bundle/logs/fixed_scheduler_health_1_headers.txt0.4 KB
bundle/logs/fixed_scheduler_health_2_body.json0.3 KB
bundle/logs/fixed_scheduler_health_2_headers.txt0.4 KB
bundle/logs/fixed_server_1.log0.6 KB
bundle/logs/fixed_server_2.log0.6 KB
bundle/logs/fixed_session_gap.log0.4 KB
bundle/logs/fixed_webhook_curl_1.log0.0 KB
bundle/logs/fixed_webhook_curl_2.log0.0 KB
bundle/logs/fixed_webhook_request_1.txt0.3 KB
bundle/logs/fixed_webhook_request_2.txt0.3 KB
bundle/logs/fixed_webhook_response_1_body.json0.1 KB
bundle/logs/fixed_webhook_response_1_headers.txt0.4 KB
bundle/logs/fixed_webhook_response_2_body.json0.1 KB
bundle/logs/fixed_webhook_response_2_headers.txt0.4 KB
bundle/logs/payload_fixed_1.generate.log0.0 KB
bundle/logs/payload_fixed_2.generate.log0.0 KB
bundle/logs/payload_vulnerable_1.generate.log0.0 KB
bundle/logs/payload_vulnerable_2.generate.log0.0 KB
bundle/logs/vulnerable_composer_1.log7.7 KB
bundle/logs/vulnerable_composer_2.log7.7 KB
bundle/logs/vulnerable_filecache_gap.log0.1 KB
bundle/logs/vulnerable_health_1_body.txt0.0 KB
bundle/logs/vulnerable_health_1_headers.txt0.5 KB
bundle/logs/vulnerable_health_2_body.txt0.0 KB
bundle/logs/vulnerable_health_2_headers.txt0.5 KB
bundle/logs/vulnerable_jobqueue_gap.log0.1 KB
bundle/logs/vulnerable_queue_files_after_1.txt0.1 KB
bundle/logs/vulnerable_queue_files_after_2.txt0.1 KB
bundle/logs/vulnerable_scheduler_1.log0.3 KB
bundle/logs/vulnerable_scheduler_2.log0.3 KB
bundle/logs/vulnerable_scheduler_health_1_body.json0.3 KB
bundle/logs/vulnerable_scheduler_health_1_headers.txt0.4 KB
bundle/logs/vulnerable_scheduler_health_2_body.json0.3 KB
bundle/logs/vulnerable_scheduler_health_2_headers.txt0.4 KB
bundle/logs/vulnerable_server_1.log0.6 KB
bundle/logs/vulnerable_server_2.log0.6 KB
bundle/logs/vulnerable_session_gap.log0.1 KB
bundle/logs/vulnerable_webhook_curl_1.log0.0 KB
bundle/logs/vulnerable_webhook_curl_2.log0.0 KB
bundle/logs/vulnerable_webhook_request_1.txt0.3 KB
bundle/logs/vulnerable_webhook_request_2.txt0.3 KB
bundle/logs/vulnerable_webhook_response_1_body.json0.1 KB
bundle/logs/vulnerable_webhook_response_1_headers.txt0.4 KB
bundle/logs/vulnerable_webhook_response_2_body.json0.1 KB
bundle/logs/vulnerable_webhook_response_2_headers.txt0.4 KB
bundle/logs/webhook_plugin_commit.log0.0 KB
bundle/logs/webhook_plugin_fetch.log0.1 KB
bundle/repro/payload_fixed_1.b642.3 KB
bundle/repro/payload_fixed_1.generate.log0.0 KB
bundle/repro/payload_fixed_2.b642.3 KB
bundle/repro/payload_fixed_2.generate.log0.0 KB
bundle/repro/payload_vulnerable_1.b642.3 KB
bundle/repro/payload_vulnerable_1.generate.log0.0 KB
bundle/repro/payload_vulnerable_2.b642.3 KB
bundle/repro/payload_vulnerable_2.generate.log0.0 KB
bundle/repro/queue_fixed_1.json2.6 KB
bundle/repro/queue_fixed_2.json2.6 KB
bundle/repro/queue_vulnerable_1.json2.7 KB
bundle/repro/queue_vulnerable_2.json2.7 KB
bundle/vuln_variant/reproduction_steps.sh9.1 KB
bundle/vuln_variant/rca_report.md9.3 KB
bundle/vuln_variant/patch_analysis.md6.2 KB
bundle/vuln_variant/variant_manifest.json3.4 KB
bundle/vuln_variant/validation_verdict.json3.0 KB
bundle/vuln_variant/runtime_manifest.json1.4 KB
bundle/logs/vuln_variant/reproduction_result.json0.5 KB
bundle/vuln_variant/proof_vulnerable.txt0.0 KB
bundle/vuln_variant/proof_fixed.txt0.0 KB