CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-fggg-964j-3j7h: Spatie Laravel Media Library contains a server-side request forgery vulnerability

mediumCVSS 7.4CVE-2026-48555
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedia.php.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 7.4
Published
2026-05-29
Last updated
2026-07-02
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-fggg-964j-3j7h

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-48555coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories