Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-44692— Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint

CVSS 7.7 · High EPSS 0.26% · P18

Possible ATT&CK Techniques 1AI

T1530 · Data from Cloud Storage

Affected Version Matrix 1

VendorProductVersion RangeStatus
code16sharp< 9.22.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-44692

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user who can view one valid record may use that record as an authorization anchor to download unrelated disk-relative objects from configured Laravel Storage disks. The confirmed impact is authenticated disclosure of unrelated objects from configured Laravel Storage disks. This issue does not imply arbitrary host filesystem access outside configured Laravel Storage disk roots. This issue has been patched in version 9.22.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
sharp 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
sharp是lovell个人开发者的一款用于将常见格式的大图像转换为更小的、对 Web 友好的 JPEG、PNG、WebP、GIF 和不同尺寸的 AVIF 图像。 sharp 9.22.0之前版本存在安全漏洞,该漏洞源于通用下载端点未将存储对象绑定到授权实体实例,可能导致认证用户使用有效记录作为授权锚点下载无关磁盘对象。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
code16sharp < 9.22.0 -

II. Public POCs for CVE-2026-44692

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-44692

登录查看更多情报信息。

Vendor Advisories for CVE-2026-44692 (2)

IV. Related Vulnerabilities

V. Comments for CVE-2026-44692

No comments yet


Leave a comment