Product
A high-severity two-factor authentication bypass vulnerability (CVE-2026-62232) in Grav CMS before version 2.0.4 allows an attacker with a victim's password to overwrite their 2FA secret via the `regenerate2FASecret` task, enabling unauthorized access by generating a valid TOTP code and reducing multi-factor authentication to password-only protection.