Back to overview

CVE-2026-49970

HIGH
8.8
CVSS 3.1
Description
Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination(). Attackers can exploit the permissive character-class regex that allows both dot and slash characters combined with an ineffective trailing trim() call to bypass sanitization and upload files to sensitive locations such as the document root, environment configuration files, or application configuration directories, enabling remote code execution.

Metadata

CVE ID
CVE-2026-49970
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-02 16:30 UTC
Published
2026-07-13 18:11 UTC
Last updated
2026-07-13 18:11 UTC
Primary CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory …
Vendor / Product
plank / laravel-mediable
Sources
cve.org  ·  NVD

Severity & Metrics

8.8 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
plank laravel-mediable 0 < 7.0.0
Weakness (CWE)
CWESourceDescription
CWE-22 cna Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.8 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview