PatchSiren cyber security CVE debrief
CVE-2026-48166 filamentphp CVE debrief
A vulnerability in Filament, a collection of full-stack components for accelerated Laravel development, has been discovered. The issue, tracked as CVE-2026-48166, affects versions 4.0.0 through 4.11.5 and 5.6.5. It allows unauthenticated attackers to enumerate registered email addresses by exploiting an observable timing discrepancy on the login page. The impact of this vulnerability is limited to disclosing whether an account exists for a given email address. This issue has been fixed in versions 4.11.5 and 5.6.5.
- Vendor: filamentphp
- Product: filament
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-22
- Original CVE updated: 2026-06-23
- Advisory published: 2026-06-22
- Advisory updated: 2026-06-23
Who should care
Organizations that run Filament in their Laravel applications are affected. Those on vulnerable versions (4.0.0 through 4.11.4, and 5.6.4 or earlier) should update to a patched release as soon as possible. Security teams and developers who maintain Laravel applications built on Filament should treat this as a priority item and confirm that the update has actually been deployed.
Technical summary
CVE-2026-48166 is a medium-severity vulnerability with a CVSS score of 5.3. Filament's login page takes a measurably different amount of time to respond depending on whether the submitted email address belongs to a registered account, so an unauthenticated client can infer account existence from response timing alone: a classic timing side channel in the handling of authentication requests. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating a network attack vector with low attack complexity and no required privileges or user interaction. The impact is limited to confidentiality (disclosure of whether an account exists), with no impact on integrity or availability.
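To make the mechanism concrete, here is an added Python model of the vulnerability class (not Filament or Laravel code, and not the exact patch the project shipped): a login routine that only runs the slow password hash when the email is registered, beside a hardened version that always does the same amount of work, plus a helper that measures the timing gap between a known and an unknown address. The account, salt and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
import statistics
import time

# Constructed data: one registered account, hashed with PBKDF2 so that
# verification costs measurable CPU time (a stand-in for bcrypt/argon2).
_SALT = os.urandom(16)
_ITERATIONS = 50_000

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)

USERS = {"alice@example.com": _hash("correct horse battery")}
# Precomputed dummy hash so unknown emails cost the same as known ones.
_DUMMY_HASH = _hash("not a real password")

def login_leaky(email, password):
    # Vulnerable pattern: the slow hash check only runs when the email is
    # registered, so unknown emails are rejected much faster.
    stored = USERS.get(email)
    if stored is None:
        return False
    return hmac.compare_digest(_hash(password), stored)

def login_fixed(email, password):
    # Hardened pattern: always perform one hash computation and one
    # constant-time comparison, against a dummy hash for unknown emails.
    stored = USERS.get(email)
    matched = hmac.compare_digest(_hash(password), stored or _DUMMY_HASH)
    return matched and stored is not None

def _median_ms(fn, email, samples=5):
    timings = []
    for _ in range(samples):
        start = time.perf_counter()
        fn(email, "wrong password")
        timings.append((time.perf_counter() - start) * 1000)
    return statistics.median(timings)

def timing_gap_ratio(fn):
    # Median time for a registered email divided by that for an unregistered
    # one; a ratio near 1.0 means no observable discrepancy.
    known = _median_ms(fn, "alice@example.com")
    unknown = _median_ms(fn, "nobody@example.com")
    return known / max(unknown, 1e-6)
```

Running `timing_gap_ratio` on each function shows the leaky variant answering unknown emails orders of magnitude faster, while the fixed variant stays close to 1.0; the same measurement can be used as a regression check after upgrading.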
Defensive priority
This vulnerability should be prioritized as medium severity. By itself it grants no access and exposes nothing beyond whether an account exists, but attackers can use it as a reconnaissance step to build a list of valid email addresses associated with the application.
Recommended defensive actions
- Update Filament to 4.11.5 or later on the 4.x line, or 5.6.5 or later on the 5.x line, to apply the fix.
- Review affected applications that use Filament and confirm each one is running a patched version.
- Consider additional monitoring and logging to detect potential exploitation attempts, for example bursts of failed login attempts against many distinct email addresses from a single source.
- Conduct a thorough inventory of systems and applications that use Filament to identify all potentially affected assets.
- Develop a remediation plan for affected systems, prioritizing the update above.
Evidence notes
The CVE-2026-48166 vulnerability was publicly disclosed on June 22, 2026, and the CVE record was last modified on June 23, 2026. The vulnerability was reported by an unknown source and is tracked by the CVE.org and NVD databases. The official CVE record and NVD detail pages provide additional information about the vulnerability.
Official resources
- CVE-2026-48166 CVE record (CVE.org)
- CVE-2026-48166 NVD detail (NVD)
- Source item URL: nvd_modified
This article was generated with AI assistance based on the supplied source corpus and is intended for informational purposes only.