CVE-2026-4809P2CRITICALCVSS 9.8≤ 6.4.02026-03-26
CVE-2026-4809 [CRITICAL] CWE-434 CVE-2026-4809: plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an appli
plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbit
nvd