CVE-2026-44692
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Sharp, a content management framework for Laravel, prior to version 9.22.0, exposed a generic download endpoint that authorized access only to the supplied Sharp entity instance. An authenticated user could use this instance to download unrelated objects from Laravel storage disks.
Risk Assessment
The risk involves the authenticated disclosure of unauthorized objects from Laravel storage disks by authenticated users, potentially leading to the leakage of sensitive data.
Recommendation
It is recommended to upgrade to version 9.22.0 or later to patch this vulnerability and secure access to objects on storage disks.
Original NVD description (English source)
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user who can view one valid record may use that record as an authorization anchor to download unrelated disk-relative objects from configured Laravel Storage disks. The confirmed impact is authenticated disclosure of unrelated objects from configured Laravel Storage disks. This issue does not imply arbitrary host filesystem access outside configured Laravel Storage disk roots. This issue has been patched in version 9.22.0.

