Select Field Validation Flaw in Filament by Filament PHP
CVE-2026-48067

6.5MEDIUM

Key Information:

Vendor: FilamentPHP
Status: Filament
Vendor: CVE Published:; 22 June 2026

🔔 Create FilamentPHP Vulnerability Alert

What is CVE-2026-48067?

Filament features a vulnerability in its Select field validation where the recordSelectOptionsQuery() method does not uniformly apply the intended validation rules. This oversight allows a malicious user to manipulate the Livewire component's state by submitting values beyond the predefined scope, potentially compromising the functionality of AttachAction and AssociateAction operations. The issue has been addressed in the latest versions of filament/actions and filament/tables, ensuring stricter validation and security.

Affected Version(s)

filament >= 4.0.0, < 4.11.4 < 4.0.0, 4.11.4

filament >= 5.0.0, < 5.6.4 < 5.0.0, 5.6.4

filament >= 3.0.0, < 3.3.51 < 3.0.0, 3.3.51

References

https://github.com/filamentphp/filament/security/advisori...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-48067 Data

JSON