PatchSiren cyber security CVE debrief
CVE-2026-53634 code16 CVE debrief
CVE-2026-53634 is a vulnerability in the Sharp content management framework built for Laravel. An authenticated Sharp user without create permission on a given entity could bypass the authorization layer and either retrieve the creation form or submit new records for that entity. This issue affects versions from 9.0.0 to before 9.22.3 and has been patched in version 9.22.3.
- Vendor: code16
- Product: sharp
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Users of the Sharp content management framework for Laravel, particularly those running versions from 9.0.0 up to, but not including, 9.22.3.
Technical summary
The create and store endpoints of the Quick Creation Command feature in Sharp did not enforce any authorization check. An authenticated user could bypass authorization and retrieve the creation form or submit new records for an entity with a configured Quick Creation Command handler.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to version 9.22.3 or later
- Review and adjust permissions for Sharp users
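To confirm whether a deployment is inside the affected range, the following added example (not code from the advisory or from the Sharp project) reads a composer.lock and classifies the pinned Sharp version. It assumes the Composer package name is code16/sharp; the sample lock file is constructed for illustration.

```python
import json
import re

PACKAGE = "code16/sharp"      # assumption: Composer package name for Sharp
FIRST_AFFECTED = (9, 0, 0)    # from the advisory: affected from 9.0.0
FIRST_PATCHED = (9, 22, 3)    # from the advisory: patched in 9.22.3

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = """{
  "packages": [
    {"name": "example/other-package", "version": "1.4.0"},
    {"name": "code16/sharp", "version": "v9.21.0"}
  ],
  "packages-dev": []
}"""


def parse_version(raw):
    """Return (major, minor, patch) for plain release tags, else None.

    Branch aliases (dev-main, 9.x-dev) and pre-release tags return None so
    the caller reports them as undetermined instead of guessing.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def sharp_status(lock_text):
    """Classify the Sharp version pinned in a composer.lock document."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:
            return "unknown"        # inspect the pinned commit manually
        if FIRST_AFFECTED <= version < FIRST_PATCHED:
            return "affected"
        return "not-affected"
    return "not-installed"


if __name__ == "__main__":
    print(sharp_status(SAMPLE_LOCK))
```

An "unknown" result means the lock file pins a branch or pre-release, so the installed commit has to be compared against the 9.22.3 fix by hand.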
Evidence notes
CVSS Score: 4.3, CVSS Severity: MEDIUM, CWE-862: Missing Authorization
Official resources
CVE-2026-53634 was published on 2026-06-10.