CVE-2026-48555

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 7,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: Web Based, AI/ML, Web Server

View CWE Details

https://github.com/spatie/laravel-medialibrary/commit/608ea…

https://github.com/spatie/laravel-medialibrary/commit/608ea03703d3887c46434f5dd…

https://github.com/spatie/laravel-medialibrary/pull/3939

https://github.com/spatie/laravel-medialibrary/pull/3939

https://github.com/spatie/laravel-medialibrary/releases/tag…

https://github.com/spatie/laravel-medialibrary/releases/tag/11.23.0

https://www.vulncheck.com/advisories/spatie-laravel-media-l…

https://www.vulncheck.com/advisories/spatie-laravel-media-library-ssrf-via-addm…