{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:23:30.447","vulnerabilities":[{"cve":{"id":"CVE-2026-23524","sourceIdentifier":"security-advisories@github.com","published":"2026-01-21T22:15:50.280","lastModified":"2026-03-06T20:02:37.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instantiated, which leaves users vulnerable to Remote Code Execution. The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication, but only affects Laravel Reverb when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). This issue has been fixed in version 1.7.0. As a workaround, require a strong password for Redis access and ensure the service is only accessible via a private network or local loopback, and/or set REVERB_SCALING_ENABLED=false to bypass the vulnerable logic entirely (if the environment uses only one Reverb node)."},{"lang":"es","value":"Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP's unserialize() function without restricting which classes can be instantiated, which leaves users vulnerable to remote code execution. The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication, but it only affects Laravel Reverb when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). This issue has been fixed in version 1.7.0. As a workaround, require a strong password for Redis access and make sure the service is only reachable over a private network or the local loopback, and/or set REVERB_SCALING_ENABLED=false to bypass the vulnerable logic entirely (if the environment uses only a single Reverb node)."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:laravel:reverb:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.0","matchCriteriaId":"AC0C178D-8618-4963-8AB2-75B260023D0A"}]}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/502.html","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://github.com/laravel/reverb/commit/9ec26f8ffbb701f84920dd0bb9781a1797591f1a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/laravel/reverb/releases/tag/v1.7.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/laravel/reverb/security/advisories/GHSA-m27r-m6rx-mhm4","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://laravel.com/docs/12.x/reverb#scaling","source":"security-advisories@github.com","tags":["Technical Description"]}]}}]}
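The CWE-502 sink the description refers to (a pub/sub payload fed straight into PHP's unserialize()) and two ways of closing it, as an added example that is not Laravel Reverb's code: the project's actual fix is in the commit linked above, and the message shape, the function names, and the CallbackOnWake gadget stand-in below are constructed for illustration. Requires PHP 8.0 or newer.

```php
<?php
// Added example for CVE-2026-23524 (CWE-502). This is NOT Laravel Reverb's
// code; the message shape and class names are assumptions made for the demo.
// The real change is in the upstream commit linked from the advisory.
declare(strict_types=1);

// Stand-in for any class whose magic method runs during deserialization.
// Real gadget chains live in application or vendor code; this one only
// records that it was reached.
final class CallbackOnWake
{
    public static array $fired = [];

    public function __construct(public string $label) {}

    public function __wakeup(): void
    {
        // In a real chain: file writes, process spawns, etc.
        self::$fired[] = $this->label;
    }
}

// 1. Vulnerable sink: whatever arrives on the Redis channel is deserialized
//    with every loaded class available for instantiation.
function decodeUnrestricted(string $payload): mixed
{
    return unserialize($payload);
}

// 2. Minimal hardening of the same sink: no class may be instantiated, so an
//    injected object degrades to __PHP_Incomplete_Class and no magic method
//    runs. max_depth (PHP 7.4+) also bounds nesting from a hostile peer.
function decodeRestricted(string $payload): mixed
{
    $value = @unserialize($payload, ['allowed_classes' => false, 'max_depth' => 16]);
    if ($value === false && $payload !== 'b:0;') {
        throw new UnexpectedValueException('malformed pub/sub payload');
    }
    return $value;
}

// 3. Preferred codec for messages that are only arrays and scalars: JSON has
//    no object-instantiation semantics, so there is nothing to restrict.
function encodeJson(array $message): string
{
    return json_encode($message, JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES);
}

function decodeJson(string $payload): array
{
    $value = json_decode($payload, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new UnexpectedValueException('expected a JSON object or array');
    }
    return $value;
}

function expect(bool $ok, string $what): void
{
    if (!$ok) {
        fwrite(STDERR, "FAILED: $what\n");
        exit(1);
    }
}

// Constructed message a scaling-enabled node might fan out to its peers.
$message = ['event' => 'order.shipped', 'channel' => 'orders', 'data' => ['id' => 42]];

// What an attacker with write access to the channel (for example through an
// unauthenticated Redis) can publish instead: a serialized object of a class
// the receiver never intended to instantiate.
$hostile = serialize(new CallbackOnWake('attacker-controlled'));

// Legitimate traffic round-trips through all three decoders.
expect(decodeUnrestricted(serialize($message)) === $message, 'unrestricted round-trip');
expect(decodeRestricted(serialize($message)) === $message, 'restricted round-trip');
expect(decodeJson(encodeJson($message)) === $message, 'json round-trip');

// Hostile payload through the unrestricted sink: the class is instantiated
// and __wakeup runs before the caller ever sees the value.
$obj = decodeUnrestricted($hostile);
expect($obj instanceof CallbackOnWake && CallbackOnWake::$fired === ['attacker-controlled'],
    'unrestricted unserialize instantiated the injected class');

// Same payload through the restricted sink: no instantiation, no callback.
$stub = decodeRestricted($hostile);
expect($stub instanceof __PHP_Incomplete_Class && count(CallbackOnWake::$fired) === 1,
    'restricted unserialize did not run __wakeup');

// The JSON decoder rejects it outright.
try {
    decodeJson($hostile);
    expect(false, 'json decoder accepted a serialized PHP object');
} catch (JsonException) {
    // expected: a PHP serialization string is not valid JSON
}

echo "ok\n";
```

Run it with `php example.php`; it exits non-zero on the first failed expectation. The `allowed_classes => false` variant is the smallest change that removes the instantiation primitive, but it only helps if the receiving code never needs objects back from the channel; where it does, pass an explicit allow-list of class names instead of `false`, and prefer a data-only codec such as JSON for new wire formats. None of this replaces the operational controls the advisory lists: a Redis password, binding Redis to loopback or a private network, and leaving REVERB_SCALING_ENABLED unset or false on single-node deployments, which keeps the affected code path out of reach entirely.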