Vulnerability in Filamentphp Filament
CVE-2026-48166
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered ema…
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Filamentphp Filament — versions >= 4.0.0, < 4.11.5, >= 5.0.0, < 5.6.5
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-48166?
- CVE-2026-48166 is a medium-severity vulnerability in Filamentphp Filament, classified under CWE-208. CVSS score: 5.3/10. Published 2026-06-22.
- How severe is CVE-2026-48166?
- Medium severity. CVSS v3 base score is 5.3 out of 10.