Is CVE-2026-48019 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-48019 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-48019 affect?

CVE-2026-48019 affects Laravel.

Vulnerability intelligence

CVE-2026-48019

CVE-2026-48019 allows email header manipulation via unsanitized CRLF sequences. A second CVE compounds the risk.

Laravel 2026

What WebPulse reported · 4 analyses

Laravel's Core Email Handling Has a CRLF Injection Flaw. It's Not a Plugin.

CVE-2026-48019 allows email header manipulation via unsanitized CRLF sequences. A second CVE compounds the risk.

June 21, 2026

The PHP-to-Python Pipeline: AI Integration Is the Pull Factor

WordPress and Laravel score 35 and 74 on AI-readiness. Django and FastAPI score 75 and 95. The language switch is not about syntax.

June 22, 2026

Laravel Patched Two Active CVEs in Days. That Speed Is the Product.

CVE-2026-48019 and CVE-2026-4809 disclosed and resolved in a single release cycle — centralized maintenance at work.

June 22, 2026

Laravel Is the Best PHP Framework. It Still Got a High-Severity CVE This Week.

CVE-2026-48019 lets attackers inject headers into outbound emails — no authentication required. Laravel patched it in days. WordPress plugins with similar flaws

June 12, 2026

View CVE-2026-48019 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-4809 CVE-2025-54068 CVE-2021-3129 CVE-2018-15133 CVE-2026-9082 CVE-2026-8206 CVE-2026-35273 CVE-2026-11645