CVE-2026-33486
CVE-2026-33486 affects Roadiz and specifically the roadiz/documents component. The vulnerability is an SSRF/LFI flaw in theDownloadedFile::fromUrl() flow that occurs when importing external media; an attacker-controlled URL can be used with file:// to read local server files (including environmen...