Skip to content
Vulnerability intelligence

CVE-2026-4809

CVE-2026-48019 and CVE-2026-4809 disclosed and resolved in a single release cycle — centralized maintenance at work.

Laravel 2026
What WebPulse reported · 2 analyses
Laravel Patched Two Active CVEs in Days. That Speed Is the Product.

CVE-2026-48019 and CVE-2026-4809 disclosed and resolved in a single release cycle — centralized maintenance at work.

June 22, 2026
Laravel's Core Email Handling Has a CRLF Injection Flaw. It's Not a Plugin.

CVE-2026-48019 allows email header manipulation via unsanitized CRLF sequences. A second CVE compounds the risk.

June 21, 2026
View CVE-2026-4809 on the NIST National Vulnerability Database →
Related vulnerabilities
CVE-2026-48019 CVE-2025-54068 CVE-2021-3129 CVE-2018-15133 CVE-2026-9082 CVE-2026-8206 CVE-2026-35273 CVE-2026-11645