Headline
GHSA-9g95-48c6-r778: Livewire Filemanager does not restrict uploaded file types
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.
Skip to content
Navigation Menu
AI CODE CREATION
GitHub CopilotWrite better code with AI
GitHub SparkBuild and deploy intelligent apps
GitHub ModelsManage and compare prompts
MCP RegistryNewIntegrate external tools
View all features
- Pricing
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
Appearance settings
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-14894
Livewire Filemanager does not restrict uploaded file types
High severity GitHub Reviewed Published Jan 16, 2026 to the GitHub Advisory Database • Updated Jan 20, 2026
Package
composer livewire-filemanager/filemanager (Composer)
Affected versions
<= 1.0.4
Description
Published to the GitHub Advisory Database
Jan 16, 2026
Last updated
Jan 20, 2026
Related news
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real