CVE-2026-48555

HIGH WAF: Medium

CVSS 7.4 Published: 2026-05-29

CWE-918

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

References

github.com
github.com
github.com
www.vulncheck.com

Back to CVE Database