HomeCVE Intelligence › CVE-2026-53932
CVSS 8.0 HIGH Vulnerability

CVE-2026-53932: laravel-backup-restore has an OS Command Injection during database restore

Summary A crafted backup archive can trigger OS command injection during database restore. The restore workflow extracts a ZIP archive, enumerates files under db-dumps, converts the dump path to an absolute path, and pa…

8.0CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-53932
Vendorcomposer
Affected Productwnx/laravel-backup-restore
Vulnerability TypeVulnerability
CVSS Score8.0 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary

gunzip -c {dumpFile} / gunzip < {dumpFile}
psql ... < {dumpFile}
sqlite3 ... < {dumpFile} Because Illuminate\Support\Facades\Process::run(string) uses Symfony Process::fromShellCommandline(), shell metacharacters in the dump filename are interpreted by /bin/sh on Unix-like systems or by the platform shell on Windows.

A crafted backup archive can trigger OS command injection during database restore. The restore workflow extracts a ZIP archive, enumerates files under db-dumps, converts the dump path to an absolute path, and passes that path into database import commands that are built as shell command strings. The dump filename is not shell-escaped before it is interpolated into commands such as: - mysql ... < {dumpFile}

Impact

If an attacker can cause

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-53932 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence