Laravel Mass Assignment Vulnerability Leading to Unvalidated Database Entries

Vulnerability

A vulnerability exists in Laravel versions prior to 6.18.34 and in the 7.x branch prior to 7.23.2, allowing unvalidated data to be saved to the database under certain conditions. This issue arises during mass assignment when table names are automatically removed, creating a potential for unexpected values to be recorded without proper validation.

Impact

Exploitation of this vulnerability could result in the database being populated with unvalidated and potentially harmful data.

Remediation

Users can upgrade to Laravel 6.18.34 or 7.23.2 to address this vulnerability.
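
To confirm whether a project is still on an affected release, the installed laravel/framework version in composer.lock can be compared against the fixed versions above. The following is an added example, not code from Laravel or from this advisory; the function names and the sample lock content are constructed for illustration.

```python
import json
import re

# Fixed releases named in the advisory above.
FIXED_6X = (6, 18, 34)
FIXED_7X = (7, 23, 2)

# Constructed sample input (not from a real project): a trimmed composer.lock.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v7.22.4"},
        {"name": "monolog/monolog", "version": "2.1.1"},
    ],
    "packages-dev": [],
})


def parse_version(raw):
    """Turn 'v7.22.4' or '6.18.34' into (7, 22, 4); None for dev branches."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """Apply the advisory's ranges: < 6.18.34, or 7.x < 7.23.2."""
    if version[0] == 7:
        return version < FIXED_7X
    return version < FIXED_6X


def check_lock(lock_text):
    """Return (installed_version, status) for laravel/framework.

    status is 'affected', 'fixed', 'unknown' (non-release version such as
    a dev branch) or 'absent' (package not in the lock file).
    """
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name") == "laravel/framework":
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                return raw, "unknown"
            return raw, "affected" if is_affected(version) else "fixed"
    return None, "absent"


if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of 'unknown' means the lock file pins a branch or pre-release, which has to be checked by hand against the fixed releases.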

Added: May 15, 2026, 10:05 AM
Updated: May 15, 2026, 10:05 AM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 0.6
exploitability: 8.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.