A vulnerability has been found in plank laravel-mediable up to 6.x and classified as critical. The impacted element is the function File::sanitizePath of the component File Upload Handler. The manipulation of the argument directory leads to path traversal.

This vulnerability is listed as CVE-2026-49970. The attack may be initiated remotely. There is no available exploit.