CVE-2026-48557 | spatie laravel-medialibrary up to 11.22.x Configuration defaultSanitizer incomplete blacklist

A vulnerability classified as critical has been found in spatie laravel-medialibrary up to 11.22.x. This impacts the function FileAdder::defaultSanitizer of the component Configuration Handler. This manipulation causes incomplete blacklist.

This vulnerability is tracked as CVE-2026-48557. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More