CVE-2026-23524 (CNNVD-202601-3336)

CRITICAL
中文标题:
Laravel Reverb 代码问题漏洞
英文标题:
Laravel Redis Horizontal Scaling Insecure Deserialization
CVSS分数: 9.8
发布时间: 2026-01-21 22:07:55
漏洞类型: 代码问题
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v3
漏洞描述
中文描述:

Laravel Reverb是The Laravel Framework开源的一个库。为Laravel应用程序带来了实时WebSocket通信。 Laravel Reverb 1.6.3及之前版本存在代码问题漏洞,该漏洞源于数据未经限制直接传递给反序列化函数,可能导致远程代码执行。

英文描述:

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instantiated, which leaves users vulnerable to Remote Code Execution. The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication, but only affects Laravel Reverb when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). This issue has been fixed in version 1.7.0. As a workaround, require a strong password for Redis access and ensure the service is only accessible via a private network or local loopback, and/or set REVERB_SCALING_ENABLED=false to bypass the vulnerable logic entirely (if the environment uses only one Reverb node).

CWE类型:
CWE-502
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
laravel reverb < 1.7.0 - - cpe:2.3:a:laravel:reverb:<_1.7.0:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/laravel/reverb/security/advisories/GHSA-m27r-m6rx-mhm4 x_refsource_CONFIRM
cve.org
访问
https://github.com/laravel/reverb/commit/9ec26f8ffbb701f84920dd0bb9781a1797591f1a x_refsource_MISC
cve.org
访问
https://cwe.mitre.org/data/definitions/502.html x_refsource_MISC
cve.org
访问
https://github.com/laravel/reverb/releases/tag/v1.7.0 x_refsource_MISC
cve.org
访问
https://laravel.com/docs/12.x/reverb#scaling x_refsource_MISC
cve.org
访问
CVSS评分详情
3.1 (cna)
CRITICAL
9.8
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2026-01-21 22:07:55
修改时间:
2026-01-21 22:07:55
创建时间:
2026-01-22 06:00:10
更新时间:
2026-01-27 06:00:17
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2026-23524 2026-01-22 03:19:50 2026-01-21 22:00:10
NVD nvd_CVE-2026-23524 2026-01-22 02:00:05 2026-01-21 22:00:14
CNNVD cnnvd_CNNVD-202601-3336 2026-01-26 02:10:03 2026-01-25 18:11:55
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2026-01-26 02:11:55
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-202601-3336; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码问题
  • cnnvd_id: 未提取 -> CNNVD-202601-3336
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2026-01-22 06:00:14
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']