CVE-2026-48555
7.4 HIGHSpatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to ...
Published: 2026-05-29 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 7.4 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
- CWE
- CWE-918
Description
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-48555
- [Other]https://github.com/spatie/laravel-medialibrary/commit/608ea03703d3887c46434f5dda6af56de6346aba
- [Other]https://github.com/spatie/laravel-medialibrary/pull/3939
- [Other]https://github.com/spatie/laravel-medialibrary/releases/tag/11.23.0
- [Other]https://www.vulncheck.com/advisories/spatie-laravel-media-library-ssrf-via-addmediafromurl
Related CVEs
Same CWE
- CVE-2025-60175 — Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions (4.4 MEDIUM)
- CVE-2026-12210 — A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0 (6.3 MEDIUM)
- CVE-2026-53827 — OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata ... (6.5 MEDIUM)
- CVE-2026-47268 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.4 MEDIUM)
- CVE-2026-46717 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (7.7 HIGH)