


Perceptive Security
SOC/SIEM Consultancy

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to iss…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 21:09:42
Source:
nvd.nist.gov
Web Technologies, Supply Chain & Dependencies
CVE-2026-48555 is a server-side request forgery (SSRF) vulnerability in Spatie Laravel Media Library versions before 11.23.0. The vulnerability exists in the addMediaFromUrl() method in InteractsWithMedia.php, allowing remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs. This SSRF vulnerability could potentially be exploited to access internal resources, perform port scanning, or interact with internal services that should not be accessible from external sources. The vulnerability has been patched in version 11.23.0 of the library.
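A quick way to find installs that are still below the fixed release is to read the version pinned in `composer.lock`. The script below is an added example, not code from the advisory or from the library; it assumes the Composer package name `spatie/laravel-medialibrary` (matching the linked repository) and uses a constructed sample lock file.

```python
import json
import re

PACKAGE = "spatie/laravel-medialibrary"  # assumed Composer name, per the linked GitHub repo
FIXED = (11, 23, 0)                      # first patched release according to the advisory

# Constructed sample lock file (the versions are made up for the demonstration).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.9.2"},
        {"name": "spatie/laravel-medialibrary", "version": "11.22.1"},
    ],
    "packages-dev": [],
})


def parse_version(raw):
    """Return (major, minor, patch), or None for anything that is not a plain
    release tag (branch aliases such as dev-main, pre-releases, etc.)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def check_lock(lock_text):
    """Classify the locked library version.

    Returns (status, version) where status is 'vulnerable', 'patched',
    'unknown' (version string cannot be compared) or 'absent'.
    """
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if str(pkg.get("name", "")).lower() != PACKAGE:
                continue
            raw = str(pkg.get("version", ""))
            version = parse_version(raw)
            if version is None:
                return "unknown", raw   # needs manual review
            return ("vulnerable" if version < FIXED else "patched"), raw
    return "absent", None


if __name__ == "__main__":
    status, version = check_lock(SAMPLE_LOCK)
    print(f"{PACKAGE}: {status} ({version})")
```

A `vulnerable` result only establishes the installed version; whether the application is exposed depends on whether it passes user-controlled URLs to `addMediaFromUrl()`.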
Technical details
Affected products:
Spatie Laravel Media Library
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-48555
https://github.com/spatie/laravel-medialibrary/commit/608ea03703d3887c46434f5dda6af56de6346aba
https://github.com/spatie/laravel-medialibrary/pull/3939
https://github.com/spatie/laravel-medialibrary/releases/tag/11.23.0
https://www.vulncheck.com/advisories/spatie-laravel-media-library-ssrf-via-addmediafromurl
This article was created with the assistance of AI technology by Perceptive.
