CVE Catalog

CVE-2026-48166

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

Filament, a collection of components for accelerated Laravel development, has a vulnerability in the login page from versions 4.0.0 to 4.11.5 and 5.6.5 that allows unauthenticated attackers to enumerate registered email addresses.

Risk Assessment

The risk involves disclosing whether an account exists for a given email address, which may lead to further attacks on users.

Recommendation

It is recommended to upgrade to versions 4.11.5 or 5.6.5 to mitigate this vulnerability.

Original NVD description (English source)

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether an account exists for a given email. This vulnerability is fixed in 4.11.5 and 5.6.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS