
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to iss…

Published: 28 May 2026 at 22:00:00

Alert date: 29 May 2026 at 21:09:42

Source: nvd.nist.gov


Web Technologies, Supply Chain & Dependencies

CVE-2026-48555 is a server-side request forgery (SSRF) vulnerability in Spatie Laravel Media Library versions before 11.23.0. The vulnerability exists in the addMediaFromUrl() method in InteractsWithMedia.php, allowing remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs. This SSRF vulnerability could potentially be exploited to access internal resources, perform port scanning, or interact with internal services that should not be accessible from external sources. The vulnerability has been patched in version 11.23.0 of the library.
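For applications that pass user-supplied URLs to addMediaFromUrl(), a caller-side check can reject URLs that point at internal addresses before the library fetches them. The following is an added example, not code from Spatie Laravel Media Library or from this advisory; the function name isPublicHttpUrl(), its injectable resolver parameter and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical application-side guard; not part of Spatie Laravel Media Library.
// Returns true only for http(s) URLs whose host resolves solely to public addresses.
function isPublicHttpUrl(string $url, ?callable $resolve = null): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                                   // malformed or host-less URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                                   // only web schemes
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                                   // no embedded credentials
    }
    $host = trim($parts['host'], '[]');                 // parse_url keeps IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];                                 // literal address, no lookup needed
    } else {
        // Default resolver uses DNS; injectable so the check can be tested offline.
        $resolve ??= static fn (string $h): array => array_map(
            static fn (array $r): string => $r['ip'] ?? $r['ipv6'] ?? '',
            @dns_get_record($h, DNS_A | DNS_AAAA) ?: []
        );
        $ips = $resolve($host);
    }
    if ($ips === []) {
        return false;                                   // unresolvable: fail closed
    }
    foreach ($ips as $ip) {
        // Rejects RFC 1918, loopback, link-local and other reserved ranges.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs (literal IPs, so this runs offline).
$samples = ['https://93.184.216.34/logo.png', 'http://127.0.0.1:8080/', 'http://10.0.0.5/admin',
            'http://169.254.169.254/', 'http://[::1]/', 'ftp://93.184.216.34/a.png'];
foreach ($samples as $url) {
    echo str_pad($url, 34), isPublicHttpUrl($url) ? "allow\n" : "block\n";
    // In a controller: only on "allow" call $model->addMediaFromUrl($url)->toMediaCollection();
}
```

The guard does not pin the address it validated, so a DNS answer that changes between the check and the download, or a redirect followed during the download, is not covered. Upgrading to version 11.23.0 remains the fix the advisory names.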


Affected products: Spatie Laravel Media Library


This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
