CRITICAL
plank
CVE published 2026-03-26
CVE-2026-4809
**CVE-2026-4809** is a critical unpatched vulnerability in `plank/laravel-mediable` through version 6.4.0 that enables arbitrary file upload with potential remote code execution. The flaw occurs when applications using this package accept or prefer client-supplied MIME types during file upload handling, allowing attackers to bypass file type validation by submitting PHP executable code with a declared ben [truncated]
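
The pattern described above, shown from the defender's side as an added example (not code from `plank/laravel-mediable` or from this advisory): the type decision is made from the file content, and the client-declared MIME type and filename never influence what is stored. The function and constant names are hypothetical, the sample inputs are constructed, and PHP's `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example, not code from plank/laravel-mediable. All names are hypothetical.
declare(strict_types=1);

// Allowlist keyed by the MIME type detected from file content; the value is
// the only extension a stored file of that type is allowed to carry.
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Decide whether an upload may be stored. $clientName and $clientMime are the
 * values the client declared; they are reported for logging and never decide.
 */
function checkUpload(string $bytes, string $clientName, string $clientMime): array
{
    // Detect the type from the bytes themselves, not from the request headers.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes) ?: 'application/octet-stream';

    if (!array_key_exists($detected, ALLOWED_TYPES)) {
        return [
            'ok'     => false,
            'reason' => "$clientName: content is $detected, client declared $clientMime",
        ];
    }

    // Store under a server-generated name with the extension implied by the
    // detected type, so a client-chosen ".php" name never reaches disk.
    $storedName = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detected];

    return ['ok' => true, 'detected' => $detected, 'stored_as' => $storedName];
}

// Constructed samples: a 1x1 PNG, and PHP source declared as image/png.
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);
$php = "<?php /* constructed sample */ ?>";

$samples = [['avatar.png', 'image/png', $png], ['avatar.php', 'image/png', $php]];
foreach ($samples as [$name, $mime, $bytes]) {
    echo $name, ' => ', json_encode(checkUpload($bytes, $name, $mime)), PHP_EOL;
}
```

Content sniffing alone does not stop a file that is both a valid image and contains PHP, which is why the example also forces the stored extension; serving uploads from a location where the web server does not execute PHP closes the remaining gap.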