CVE-2026-48555

Source
https://cve.org/CVERecord?id=CVE-2026-48555
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48555.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-48555
Aliases
Published
2026-05-29T18:30:27.182Z
Modified
2026-07-08T08:10:42.506968229Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L CVSS Calculator
Summary
Spatie Laravel Media Library < 11.23.0 SSRF via addMediaFromUrl()
Details

Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48555.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/spatie/laravel-medialibrary

Affected ranges

Type
GIT
Repo
https://github.com/spatie/laravel-medialibrary
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "11.23.0"
        }
    ]
}

Affected versions

0.*
0.1.0
1.*
1.0.0
1.1.1
1.1.2
1.1.3
1.1.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.6.0
1.6.2
10.*
10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.1.0
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.10.0
10.10.1
10.10.2
10.11.0
10.11.1
10.11.2
10.11.3
10.13.0
10.13.1
10.13.2
10.14.0
10.15.0
10.3.5
10.3.6
10.4.0
10.4.1
10.4.2
10.4.3
10.4.4
10.4.5
10.5.0
10.5.1
10.5.2
10.6.0
10.6.1
10.7.0
10.7.1
10.7.10
10.7.11
10.7.12
10.7.13
10.7.15
10.7.16
10.7.2
10.7.3
10.7.4
10.7.5
10.7.6
10.7.7
10.7.8
10.7.9
10.8.0
10.9.0
10.9.1
10.9.2
10.9.3
10.9.4
11.*
11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.1.0
11.1.1
11.1.2
11.10.0
11.10.1
11.11.0
11.11.1
11.12.0
11.12.1
11.12.2
11.12.3
11.12.4
11.12.5
11.12.6
11.12.7
11.12.8
11.12.9
11.13.0
11.14.0
11.17.0
11.17.1
11.17.10
11.17.2
11.17.3
11.17.4
11.17.5
11.17.6
11.17.7
11.17.8
11.17.9
11.18.0
11.18.1
11.18.2
11.19.0
11.2.0
11.20.0
11.21.0
11.21.1
11.21.2
11.22.0
11.22.1
11.3.0
11.3.1
11.4.0
11.4.1
11.4.2
11.4.3
11.4.4
11.4.5
11.4.6
11.4.7
11.4.8
11.5.0
11.5.1
11.5.2
11.5.3
11.5.4
11.6.0
11.6.1
11.7.0
11.7.1
11.7.2
11.7.4
11.7.5
11.7.6
11.8.0
11.8.1
11.8.2
11.8.3
11.9.0
11.9.1
11.9.2
2.*
2.0.0
2.0.1
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.10.0
3.10.1
3.10.2
3.11.0
3.11.1
3.11.2
3.11.3
3.12.0
3.12.1
3.12.2
3.13.3
3.13.4
3.14.0
3.14.1
3.15.0
3.16.0
3.16.1
3.17.0
3.17.1
3.17.2
3.17.3
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.7.3
3.8.0
3.9.0
3.9.1
3.9.2
4.*
4.0.0
4.0.1
4.1
4.10.0
4.10.1
4.10.2
4.11.1
4.11.2
4.11.3
4.12.1
4.13.0
4.2
4.2.1
4.3.0
4.4.0
4.4.1
4.5.0
4.6.0
4.7.0
4.7.1
4.8.0
4.8.1
4.8.2
4.8.3
4.9.1
4.9.2
4.9.3
4.9.4
4.9.5
5.*
5.0.0
5.0.1
5.0.2
5.1.0
5.10.0
5.11.0
5.11.1
5.12.1
5.13.0
5.13.1
5.13.2
5.14.0
5.2.0
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.5.0
5.5.1
5.5.2
5.5.3
5.6.0
5.7.0
5.8.0
5.8.1
5.8.2
5.9.0
6.*
6.0.0
6.1.0
6.1.1
6.1.2
6.1.3
6.2.0
6.2.1
6.3.0
6.4.0
6.4.1
6.4.2
6.5.0
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6
6.6.7
6.6.8
6.6.9
6.7.0
6.8.0
6.9.0
6.9.1
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.1.0
7.1.1
7.1.2
7.1.3
7.10.0
7.10.1
7.11.0
7.12.0
7.12.1
7.12.2
7.12.3
7.12.4
7.13.0
7.14.0
7.14.1
7.14.2
7.16.0
7.16.1
7.16.2
7.17.0
7.18.1
7.18.2
7.18.3
7.19.0
7.19.1
7.19.3
7.3.10
7.3.11
7.3.12
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0
7.4.1
7.4.2
7.4.3
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9
7.7.0
7.8.0
7.8.1
7.8.2
7.9.0
8.*
8.0.0
8.0.6
8.0.7
8.0.8
8.1.0
8.10.0
8.10.1
8.2.1
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.2.9
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.4.1
8.5.0
8.5.1
8.5.2
8.6.0
8.7.0
8.7.1
8.7.2
8.7.3
8.7.4
8.7.5
8.8.0
8.9.0
8.9.1
8.9.2
8.9.3
9.*
9.0.0
9.0.1
9.1.0
9.1.2
9.1.4
9.1.5
9.10.1
9.10.2
9.10.3
9.11.0
9.11.1
9.12.1
9.12.2
9.2.0
9.3.0
9.4.0
9.4.1
9.4.2
9.4.3
9.4.4
9.5.0
9.6.0
9.6.1
9.6.2
9.6.3
9.6.4
9.7.0
9.7.1
9.7.2
9.7.3
9.7.4
9.7.5
9.8.0
9.8.1
9.8.2
9.8.3
9.8.4
9.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48555.json"