Input validation error in Laravel Framework - CVE-2021-21263

 

Published: January 15, 2021 / Updated: June 1, 2026


Vulnerability identifier: #VU133116
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-21263
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Laravel LLC
Affected software:
Laravel Framework

Detailed vulnerability description

The vulnerability allows a remote attacker to cause queries to return unexpected results.

The vulnerability exists due to improper input validation in the query builder when processing crafted request input that supplies an array where a scalar value is expected. A remote attacker can send specially crafted input to cause queries to return unexpected results.

Exploitation requires application code to pass unvalidated or uncast input to the query builder.
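The precondition above, array input reaching the query builder where a scalar is expected, can be closed at the application boundary. The following is an added example in plain PHP with no Laravel dependency, not code from the advisory or the framework; the function names `requireInt` and `requireString` and the sample query strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return $input[$key] as an int, or throw if it is missing, an array,
 * or not a valid integer string. (Hypothetical helper.)
 */
function requireInt(array $input, string $key): int
{
    $value = $input[$key] ?? null;
    // PHP turns "id[]=1" or "id[a]=1" into an array; refuse it outright.
    if (!is_string($value) && !is_int($value)) {
        throw new InvalidArgumentException("$key must be a scalar integer");
    }
    $int = filter_var($value, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException("$key is not a valid integer");
    }
    return $int;
}

/** Same check for a string field, with a length bound. (Hypothetical helper.) */
function requireString(array $input, string $key, int $maxLen = 255): string
{
    $value = $input[$key] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException("$key must be a non-empty string");
    }
    return $value;
}

// Constructed sample query strings, parsed the way PHP parses request input.
$samples = [
    'id=42&email=a%40example.test',          // scalar values as expected
    'id[]=1&id[]=2&email=a%40example.test',  // id arrives as an array
    'id=42&email[]=x',                       // email arrives as an array
];

foreach ($samples as $qs) {
    parse_str($qs, $input);
    try {
        $id = requireInt($input, 'id');
        $email = requireString($input, 'email');
        // Only validated, typed values would be handed to a query builder call here.
        printf("%-40s accepted id=%d email=%s\n", $qs, $id, $email);
    } catch (InvalidArgumentException $e) {
        printf("%-40s rejected: %s\n", $qs, $e->getMessage());
    }
}
```

In a Laravel application the same guarantee comes from validation rules such as `integer` and `string`, or an explicit cast, applied before the value is passed to the query builder.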


How to mitigate CVE-2021-21263

Install the security update from the vendor's website.
