File Upload Vulnerability in Filament Components by Vendor Filament
CVE-2026-48500

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 22 June 2026

What is CVE-2026-48500?

Filament, a robust collection of components for Laravel development, is affected by a flaw that lets unauthorized users upload files to the application's temporary storage. The issue arises from the inclusion of file upload form fields in certain schemas that do not need that functionality, which lets attackers use the upload feature on components such as the panel login form. By manipulating these components, unauthorized users may exhaust server disk space or inflate storage costs through temporary file uploads. The vulnerability is fixed in versions 3.3.52, 4.11.5, and 5.6.5.

Affected Version(s)

filament >= 3.0.0, < 3.3.52 < 3.0.0, 3.3.52

filament >= 5.0.0, < 5.6.5 < 5.0.0, 5.6.5

filament >= 4.0.0, < 4.11.5 < 4.0.0, 4.11.5

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
