CVE-2026-48166
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Filament, a collection of components for accelerated Laravel development, has a vulnerability in the login page from versions 4.0.0 to 4.11.5 and 5.6.5 that allows unauthenticated attackers to enumerate registered email addresses.
Risk Assessment
The risk involves disclosing whether an account exists for a given email address, which may lead to further attacks on users.
Recommendation
It is recommended to upgrade to versions 4.11.5 or 5.6.5 to mitigate this vulnerability.
Original NVD description (English source)
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether an account exists for a given email. This vulnerability is fixed in 4.11.5 and 5.6.5.

