CVE-2026-44262 - Vulnerability Analysis
CriticalCVSS: 9.4Last Updated: May 13, 2026
Scramble Laravel - Remote Code Execution
Published: May 12, 2026Updated: May 13, 2026PoC AvailableRemote Exploitable
Overview
Scramble for Laravel >= 0.13.2 and < 0.13.22 contains a remote code execution caused by evaluation of user-controlled input in validation rules during documentation generation, letting remote attackers execute arbitrary PHP code, exploit requires publicly accessible documentation endpoints.
Severity & Score
Severity: Critical
CVSS Score: 9.4
Impact
Remote attackers can execute arbitrary PHP code, potentially leading to full application compromise.
Mitigation
Upgrade to version 0.13.22 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-44262
- Severity
- Critical
- CVSS Score
- 9.4
- Type
- undefined
- Status
- rejected
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L