PatchSiren cyber security CVE debrief
CVE-2026-48167 filamentphp CVE debrief
CVE-2026-48167 is a stored cross-site scripting (XSS) vulnerability affecting Filament's ImageColumn and ImageEntry components. It affects versions from 4.0.0 up to the fixed releases 4.11.5 and 5.6.5: in the affected versions these components render raw database values without HTML escaping. If the data passed to these components is not validated, an attacker who can write to the underlying column can inject HTML or JavaScript, and the stored payload executes in the browser of any user who views the affected table or schema. The issue is fixed in versions 4.11.5 and 5.6.5, and users should update to those versions. In addition, defenders should ensure that any user-supplied data rendered by these components is validated and sanitized before it reaches the rendered markup.
- Vendor: filamentphp
- Product: filament
- CVSS: MEDIUM 6.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-22
- Original CVE updated: 2026-06-23
- Advisory published: 2026-06-22
- Advisory updated: 2026-06-23
Who should care
Developers and administrators running Filament 4.x versions 4.0.0 through 4.11.4, or Filament 5.x versions 5.6.4 or earlier, should assess their applications for exposure and update to 4.11.5 or 5.6.5. Users who view tables or schemas rendered by these components are the ones in whose browsers an injected payload would run, so they are also at risk until the installation is updated.
Technical summary
The vulnerability arises from the ImageColumn and ImageEntry components in Filament, which do not properly escape HTML when rendering raw database values. This oversight allows an attacker to inject malicious HTML or JavaScript, leading to stored XSS. The vulnerability's CVSS score is 6.4, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, reflecting a network attack vector with low attack complexity, requiring low privileges, no user interaction, and a scope change. The weakness is classified under CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Defensive priority
Defenders should prioritize updating Filament to versions 4.11.5 or 5.6.5. Additionally, they should implement input validation and sanitization for data rendered by ImageColumn and ImageEntry components to prevent exploitation of this vulnerability.
Recommended defensive actions
- Update Filament to version 4.11.5 or 5.6.5.
- Implement input validation for data passed to ImageColumn and ImageEntry components.
- Sanitize user-input data rendered by these components.
- Monitor applications for potential exploitation attempts.
- Review and update any custom components that may be affected by this vulnerability.
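The mechanism in the technical summary and the validate-and-sanitize actions above, as an added example that is not Filament's code: a stand-in renderer that drops a raw stored value into an `<img>` tag (the behaviour the advisory describes, with the src attribute assumed as the rendering context) next to a hardened version that validates the value and escapes it for the attribute context. Sample values are constructed.

```python
"""Added example (not Filament's code): raw vs. validated-and-escaped
rendering of a stored image reference into an <img> tag."""
import html
from urllib.parse import urlsplit

# Constructed sample of what an image path/URL column might hold.
SAFE_VALUE = "https://cdn.example.test/avatars/42.png"
# Constructed tainted value: closes the (assumed) src attribute and adds an
# inline event handler, which is what the advisory's "raw value" path allows.
TAINTED_VALUE = 'x" onerror="alert(1)'


def render_unescaped(value: str) -> str:
    """Stand-in for the flawed behaviour: stored value interpolated verbatim."""
    return f'<img src="{value}">'


def is_allowed_image_ref(value: str) -> bool:
    """Validation step: accept only http(s) URLs or site-relative paths and
    reject markup characters and control characters outright. Escaping alone
    would not stop a javascript: URL, which is why validation comes first."""
    if any(c in value for c in '<>"\'') or any(ord(c) < 0x20 for c in value):
        return False
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return True
    return parts.scheme == "" and parts.netloc == "" and value.startswith("/")


def render_hardened(value: str) -> str:
    """Validate, then escape for the attribute context; on failure render a
    neutral placeholder instead of the tainted value."""
    if not is_allowed_image_ref(value):
        return '<img src="" alt="invalid image reference">'
    return f'<img src="{html.escape(value, quote=True)}">'


def demo() -> None:
    for v in (SAFE_VALUE, TAINTED_VALUE):
        print("raw      :", render_unescaped(v))
        print("hardened :", render_hardened(v))


if __name__ == "__main__":
    demo()
```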
Evidence notes
The CVE-2026-48167 vulnerability was made public on June 22, 2026, and the CVE record was last modified on June 23, 2026. The vulnerability was reported via a security advisory on GitHub (GHSA-3fc8-8hp6-6jr4). The CVE record and NVD detail provide additional information about the vulnerability, including its CVSS score and vector.
Official resources
- CVE-2026-48167 CVE record (CVE.org)
- CVE-2026-48167 NVD detail (NVD)
This article was generated with AI assistance based on the supplied source corpus and is intended for informational purposes only.