Laravel CRLF injection in default email rule

PKSA-mdq4-51ck-6kdq CVE-2026-48019

Affected package: laravel/framework

Affected version: >=9.0.0,<10.0.0|>=10.0.0,<11.0.0|>=11.0.0,<12.0.0|>=12.0.0,<12.60.0|>=13.0.0,<13.10.0

Reported by:
FriendsOfPHP/security-advisories