Description

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

PUBLISHED | Reserved 2026-01-25 | Published 2026-01-27 | Updated 2026-01-27 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Problem types

Allocation of Resources Without Limits or Throttling

Product status

3.7.0: affected

Credits

iqzer0 (finder)

References

www.exploit-db.com/exploits/49198 (ExploitDB-49198) exploit

nova.laravel.com/ (Laravel Nova Official Homepage) product

nova.laravel.com/releases (Laravel Nova Releases Page) patch

www.vulncheck.com/advisories/laravel-nova-range-dos (VulnCheck Advisory: Laravel Nova 3.7.0 - 'range' DoS) third-party-advisory

cve.org (CVE-2020-36950)

nvd.nist.gov (CVE-2020-36950)
