What is CVE-2026-48167?

CVE-2026-48167 is a medium-severity vulnerability in Filamentphp Filament, classified under Cross-site Scripting. CVSS score: 6.4/10. Published 2026-06-22.

How severe is CVE-2026-48167?

Medium severity. CVSS v3 base score is 6.4 out of 10.

XSS in Filamentphp Filament

CVE-2026-48167

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to…

Vulnerability class: XSS (Cross-Site Scripting)

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Filamentphp Filament — versions >= 4.0.0, < 4.11.5, >= 5.0.0, < 5.6.5

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-48167?: CVE-2026-48167 is a medium-severity vulnerability in Filamentphp Filament, classified under Cross-site Scripting. CVSS score: 6.4/10. Published 2026-06-22.
How severe is CVE-2026-48167?: Medium severity. CVSS v3 base score is 6.4 out of 10.