CVE-2026-44692
Status: Deferred - Pending Action
Unauthorized File Download in Sharp CMS Framework

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user who can view one valid record may use that record as an authorization anchor to download unrelated disk-relative objects from configured Laravel Storage disks. The confirmed impact is authenticated disclosure of unrelated objects from configured Laravel Storage disks. This issue does not imply arbitrary host filesystem access outside configured Laravel Storage disk roots. This issue has been patched in version 9.22.0.
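The defect described above is a CWE-639 pattern: the endpoint authorizes one record, then serves whatever disk and path the request names. The following Laravel controller is an added illustration written for this page, not Sharp's own code; the `Attachment` model, its `disk` and `path` columns, and the `view` policy ability are assumptions. It shows the weak shape beside the corrected one, in which the storage object is resolved from the authorized record rather than from request input.

```php
<?php
// Added illustration of the weak and corrected download patterns.
// Not Sharp's code: Attachment, its disk/path columns, and the 'view'
// policy ability are assumed for this example.

namespace App\Http\Controllers;

use App\Models\Attachment;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class DownloadController
{
    use AuthorizesRequests;

    // Weak pattern (CWE-639): the record is authorized, but the object that is
    // actually served comes from request parameters the record never bound.
    // A user allowed to view one record can therefore name any object on any
    // configured disk; the authorization check does not cover what is served.
    public function downloadWeak(Request $request, Attachment $attachment)
    {
        $this->authorize('view', $attachment);

        $disk = $request->query('disk'); // request-controlled, unbound to $attachment
        $path = $request->query('path'); // request-controlled, unbound to $attachment

        return Storage::disk($disk)->download($path);
    }

    // Corrected pattern: disk and path are taken from the authorized record
    // itself, so the policy decision and the object served refer to the same
    // thing. No storage coordinates are accepted from the client at all.
    public function downloadBound(Attachment $attachment)
    {
        $this->authorize('view', $attachment);

        $disk = $attachment->disk; // assumed column, set when the file was stored
        $path = $attachment->path; // assumed column, set when the file was stored

        if (! Storage::disk($disk)->exists($path)) {
            abort(404);
        }

        return Storage::disk($disk)->download($path);
    }
}
```

When reviewing a download or preview endpoint, the check to make is whether every value that selects the object (disk, path, bucket, key) is derived from the record the policy authorized, or at least compared against it before use. A route that reads those values from query or body parameters and only checks that some record is viewable is this defect, whatever the framework.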
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-11
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: laravel
Product: sharp
Version / Range: up to 9.22.0 (excluding)
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Compliance Impact

This vulnerability allows an authenticated Sharp user to download unrelated objects from configured Laravel Storage disks by exploiting a generic download endpoint that improperly authorizes access. The confirmed impact is the authenticated disclosure of unrelated objects, which could lead to unauthorized access to sensitive data.

Such unauthorized disclosure of data may affect compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information. If the disclosed objects contain personal or protected health information, this vulnerability could result in non-compliance due to unauthorized data exposure.

Executive Summary

This vulnerability exists in Sharp, a content management framework for Laravel, prior to version 9.22.0. Sharp exposes a generic download endpoint that authorizes access only to a specific Sharp entity instance. However, it reads the target storage disk and path from request parameters without binding the requested storage object to the authorized entity instance.

As a result, an authenticated Sharp user who can view one valid record may exploit this by using that record as an authorization anchor to download unrelated objects from configured Laravel Storage disks. This means the user can access files they should not be authorized to see, but only within the configured storage disks.

The vulnerability does not allow arbitrary access to the host filesystem outside the configured Laravel Storage disk roots. This issue was fixed in Sharp version 9.22.0.

Impact Analysis

The vulnerability allows an authenticated user with access to one valid Sharp entity record to download unrelated files from the configured Laravel Storage disks. This leads to unauthorized disclosure of potentially sensitive or confidential files stored within those disks.

Since the attacker can access files beyond their authorized entity instance, this can result in data leakage and compromise of information confidentiality.

However, the vulnerability does not allow modification or deletion of files, nor does it allow access outside the configured storage disks.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Sharp to version 9.22.0 or later, where the issue has been patched.
