
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The…

Published:

25 March 2026 at 23:00:00

Alert date:

26 March 2026 at 23:03:12

Source:

nvd.nist.gov


Web Technologies, Supply Chain & Dependencies

Sharp, a content management framework for Laravel, contains a path traversal vulnerability in versions prior to 9.20.0. The vulnerability exists in the FileUtil class where the application fails to properly sanitize file extensions, allowing path separators to be passed into the storage layer. The issue occurs in the FileUtil::explodeExtension() function which extracts file extensions by splitting filenames at the last dot. This vulnerability has been patched in version 9.20.0 by implementing proper extension sanitization using pathinfo(PATHINFO_EXTENSION) instead of strrpos() and applying strict regex replacements to both base names and extensions.
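The difference between the two approaches described above, as an added example that is not Sharp's own code: the function names, the allow-list regexes and the sample filenames are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not the FileUtil implementation.

// "Before" pattern from the advisory: everything after the last dot is
// treated as the extension, so a path separator can survive inside it.
function splitAtLastDot(string $name): array
{
    $pos = strrpos($name, '.');
    if ($pos === false) {
        return [$name, ''];
    }
    return [substr($name, 0, $pos), substr($name, $pos + 1)];
}

// "After" pattern: pathinfo() for the extension, then strict allow-list
// regexes on both parts (the exact patterns here are assumed).
function splitSanitized(string $name): array
{
    // Normalise backslashes so basename() drops directory parts on any OS.
    $leaf = basename(str_replace('\\', '/', $name));
    $ext  = pathinfo($leaf, PATHINFO_EXTENSION);
    $base = pathinfo($leaf, PATHINFO_FILENAME);
    $ext  = strtolower(preg_replace('/[^A-Za-z0-9]/', '', $ext));
    $base = preg_replace('/[^A-Za-z0-9_-]/', '-', $base);
    return [$base === '' ? 'file' : $base, $ext];
}

// Constructed sample names: the second and third carry a separator after
// the last dot, which is the condition the advisory describes.
$samples = ['avatar.png', 'avatar.png/nested', 'avatar.png\\nested', 'archive.tar.gz'];

foreach ($samples as $name) {
    [$rawBase, $rawExt] = splitAtLastDot($name);
    [$base, $ext]       = splitSanitized($name);
    // Detection check a reviewer can reuse: an extension must never
    // contain a directory separator before it reaches the storage layer.
    $unsafe = preg_match('#[/\\\\]#', $rawExt) === 1 ? 'UNSAFE' : 'ok';
    printf("%-20s last-dot ext=%-12s [%s]  sanitized=%s\n",
        $name, json_encode($rawExt), $unsafe, json_encode([$base, $ext]));
}
```

The same separator check works as a regression test against any code path that builds a storage filename from a user-supplied name.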

Affected products:

Sharp Laravel Framework

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
