Laravel Medialibrary

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-48557	Spatie Laravel Medialibrary	Hig	0.50	8.8	—		May 29, 2026	Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo()…
CVE-2026-48555	Spatie Laravel Medialibrary	Hig	0.41	7.4	—		May 29, 2026	Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in…

CVE-2026-48557HigMay 29, 2026
Spatie
Laravel Medialibrary
risk 0.50cvss 8.8epss —
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo()…
CVE-2026-48555HigMay 29, 2026
Spatie
Laravel Medialibrary
risk 0.41cvss 7.4epss —
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in…