A vulnerability was found in plank laravel-mediable up to 6.x. It has been classified as problematic. This impacts the function
MediaUploader::fromSource of the component MediaUploader. This manipulation of the argument URLs causes server-side request forgery.
This vulnerability is registered as CVE-2026-49969. Remote exploitation of the attack is possible. No exploit is available.