Vendor
A critical OS command injection vulnerability, tracked as CVE-2026-53932, exists in the wnx/laravel-backup-restore package (versions <= 1.9.3), allowing an attacker to execute arbitrary shell commands on the hosting system by crafting a malicious backup archive with shell metacharacters in a database dump filename, leading to application compromise, data tampering, and potential lateral movement.