
CVE-2026-4809 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: March 26, 2026

plank/laravel-mediable - Unrestricted File Upload

Published: March 26, 2026 | Updated: March 26, 2026 | Remote Exploitable

Overview

plank/laravel-mediable <= 6.4.0 contains an unrestricted file upload vulnerability caused by accepting client-supplied MIME types during file upload. Remote attackers can upload executable PHP files, potentially leading to remote code execution. Exploitation requires the application to accept client-supplied MIME types.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 39.3% (probability of exploitation in the next 30 days)

Impact

Remote attackers can upload executable PHP files, potentially leading to remote code execution on the server.

Mitigation

Update to the latest version once available or implement strict server-side MIME type validation.
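
A minimal sketch of the server-side validation mentioned above, as an added example that is not code from plank/laravel-mediable or from this advisory. It uses plain PHP with the fileinfo extension; the `classifyUpload` helper and the allow-list are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list (assumed for this example): server-detected MIME type => stored extension.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

/**
 * Hypothetical helper: classify an upload from its bytes only.
 * $clientMime and $clientName are attacker-controlled; they are recorded, never trusted.
 */
function classifyUpload(string $tmpPath, string $clientMime, string $clientName): array
{
    // Detect the type from the file content with the fileinfo extension.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);

    if ($detected === false || !array_key_exists($detected, ALLOWED_TYPES)) {
        return ['accepted' => false, 'detected' => $detected,
                'claimed' => $clientMime, 'client_name' => $clientName];
    }

    // The stored name and extension are generated server-side, so a client
    // name such as "avatar.php" never reaches the filesystem.
    $storedName = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detected];

    return ['accepted' => true, 'detected' => $detected,
            'claimed' => $clientMime, 'stored_as' => $storedName];
}

// Constructed sample 1: PHP source sent with a claimed type of image/png.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'hello'; ?>\n");
var_dump(classifyUpload($php, 'image/png', 'avatar.php'));

// Constructed sample 2: a 1x1 PNG (inline base64) sent with a wrong claimed type.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
var_dump(classifyUpload($png, 'text/plain', 'photo.png'));

unlink($php);
unlink($png);
```

Content sniffing can be fooled by polyglot files, so the server-chosen extension and a storage location where PHP is not executed matter as much as the type check itself.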

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 26, 2026

CVE-2026-4809 - Critical (9.8) plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can s... https://www.thehackerwire.com/vulnerability/CVE-2026-4809/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-4809
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: unconfirmed
EPSS: 39.3%
Social Posts: 1

CWE

  • CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

39.3% (probability of exploitation in the next 30 days)