Threat Advisory

Sharp Download Endpoint Authorization Bypass Exposes Files on Configured Laravel Storage Disks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

CVE-2026-44692 (CVSS 7.7) is a vulnerability in the code16/sharp package affecting versions prior to 9.22.0. It arises from a generic download endpoint exposed by Sharp that authorizes the request against a supplied Sharp entity instance but then reads the target storage disk and path from request parameters. An authenticated Sharp user with view access to at least one valid entity instance can use that record as an authorization anchor to download unrelated, disk-relative objects from any configured Laravel Storage disk. No authorization for the object actually downloaded is required: an authenticated Sharp session and view access to one valid entity instance are enough. Depending on the application, the exposed files may include exports, backups, invoices, internal documents, uploads, tenant-specific data, or operational files stored on private application disks. Successful exploitation results in unauthorized disclosure of sensitive data, with consequences ranging from a reportable data breach to reputational damage.
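The pattern described above, shown as an added illustration in a hypothetical Laravel controller. This is not code16/sharp's own code and does not reproduce Sharp's routes, class names or fix; the `Invoice` model, its `file_disk` and `file_path` columns, and the `uploads` disk name are assumptions. The first class checks the policy against a record the caller may view but serves whatever disk and path the request names; the second resolves the object from the authorized record itself.

```php
<?php
// Added illustration for this advisory; NOT code16/sharp's own code. It shows the
// described pattern in a hypothetical Laravel controller: the policy check runs
// against a record the user may view, but the object streamed back is chosen by
// request parameters. Model, column and disk names below are assumptions.

namespace App\Http\Controllers;

use App\Models\Invoice; // hypothetical model with `file_disk` and `file_path` columns
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class VulnerableDownloadController extends Controller
{
    use AuthorizesRequests;

    public function download(Request $request, Invoice $invoice)
    {
        // Passes for ANY invoice the caller is allowed to see...
        $this->authorize('view', $invoice);

        // ...but the object actually served is caller-controlled, so a request
        // such as ?disk=local&path=backups/db.sql walks off the authorized record.
        $disk = $request->input('disk');
        $path = $request->input('path');

        return Storage::disk($disk)->download($path);
    }
}

class HardenedDownloadController extends Controller
{
    use AuthorizesRequests;

    // Only disks this endpoint is meant to serve from (assumed name).
    private const SERVABLE_DISKS = ['uploads'];

    public function download(Request $request, Invoice $invoice)
    {
        $this->authorize('view', $invoice);

        // Resolve disk and path from the record that was authorized, never from
        // the request. The authorization anchor and the served object now coincide.
        $disk = $invoice->file_disk;
        $path = $invoice->file_path;

        // Defence in depth: refuse disks outside the allow-list and missing paths,
        // so a corrupted record cannot point at an arbitrary object either.
        if (! in_array($disk, self::SERVABLE_DISKS, true)
            || $path === null
            || ! Storage::disk($disk)->exists($path)) {
            throw new NotFoundHttpException();
        }

        return Storage::disk($disk)->download($path);
    }
}
```

The key property to look for when reviewing any download route is that the disk and path being served are derived from the same record the policy check was performed on. If the endpoint must let the caller pick among several attachments of one record, the request should carry an identifier that is looked up in that record's attachment list, never a raw disk name or storage path.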

RECOMMENDATION:

  • Update code16/sharp to version 9.22.1 or later.
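A quick way to confirm whether a deployment is still on an affected release is to read the locked version out of composer.lock. The helper below is added here and is not part of the advisory or of code16/sharp; it assumes a standard Composer lock file layout and uses the 9.22.1 threshold from the recommendation above.

```php
<?php
// Added audit helper for this advisory; not part of the advisory text or of
// code16/sharp. Reads a composer.lock in the standard Composer layout and reports
// whether the locked code16/sharp release is older than the recommended fix.

declare(strict_types=1);

const PACKAGE = 'code16/sharp';
const FIXED_VERSION = '9.22.1'; // threshold taken from the recommendation above

function lockedVersion(string $lockFile, string $package = PACKAGE): ?string
{
    $lock = json_decode(file_get_contents($lockFile), true, 512, JSON_THROW_ON_ERROR);
    $entries = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($entries as $entry) {
        if (($entry['name'] ?? null) === $package) {
            // composer.lock may record "v9.21.0"; version_compare() misorders a
            // leading "v" against plain digits, so strip it before comparing.
            return ltrim((string) $entry['version'], 'v');
        }
    }
    return null;
}

/** Returns 'vulnerable', 'fixed', or 'unknown' (not locked, or a dev-* branch alias). */
function classify(?string $version, string $fixed = FIXED_VERSION): string
{
    if ($version === null || str_starts_with($version, 'dev-')) {
        return 'unknown';
    }
    return version_compare($version, $fixed, '<') ? 'vulnerable' : 'fixed';
}

$lockFile = $argv[1] ?? 'composer.lock';
$version  = lockedVersion($lockFile);
$status   = classify($version);
printf("%s: %s (locked %s, fixed in %s)\n", PACKAGE, $status, $version ?? 'not found', FIXED_VERSION);
exit($status === 'fixed' ? 0 : 1);
```

Run it as `php check-sharp.php /path/to/composer.lock`; a non-zero exit marks the deployment for follow-up. Branch aliases such as `dev-main` are reported as unknown rather than guessed at, since the lock file does not say which commit they resolve to.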


REFERENCES:

The following advisory contains further technical details:
https://github.com/advisories/GHSA-748w-hm6r-qc7v
