GHSA-44wp-g8f4-f4v5

Source
https://github.com/advisories/GHSA-44wp-g8f4-f4v5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-44wp-g8f4-f4v5/GHSA-44wp-g8f4-f4v5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-44wp-g8f4-f4v5
Aliases
  • CVE-2026-48500
Published
2026-06-23T22:16:58Z
Modified
2026-06-23T22:30:08.357814579Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
Filament: Unauthenticated temporary file upload on auth pages
Details

Any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, some schemas, such as the panel login form, do not require file uploads, and exposing unauthenticated temporary file uploads on these components is not an acceptable risk. On these components, an unauthenticated attacker could upload arbitrary files to the application's temporary storage, which could be abused to exhaust disk space or inflate storage costs.

Database specific
{
    "github_reviewed_at": "2026-06-23T22:16:58Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-862"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2026-06-22T22:16:47Z"
}
References

Affected packages

Packagist / filament/filament

Package

Name
filament/filament
Purl
pkg:composer/filament%2Ffilament

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.11.5

Affected versions

v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.16
v4.0.17
v4.0.18
v4.0.19
v4.0.20
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.3.0
v4.3.1
v4.4.0
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v4.8.5
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.5
v4.10.0
v4.10.1
v4.10.2
v4.11.0
v4.11.1
v4.11.2
v4.11.3
v4.11.4

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-44wp-g8f4-f4v5/GHSA-44wp-g8f4-f4v5.json"
last_known_affected_version_range
"<= 4.11.4"

Packagist / filament/filament

Package

Name
filament/filament
Purl
pkg:composer/filament%2Ffilament

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.6.5

Affected versions

v5.*
v5.0.0
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.5.0
v5.5.1
v5.5.2
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-44wp-g8f4-f4v5/GHSA-44wp-g8f4-f4v5.json"
last_known_affected_version_range
"<= 5.6.4"

Packagist / filament/filament

Package

Name
filament/filament
Purl
pkg:composer/filament%2Ffilament

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.3.52

Affected versions

v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.19
v3.0.20
v3.0.21
v3.0.22
v3.0.23
v3.0.24
v3.0.25
v3.0.26
v3.0.27
v3.0.28
v3.0.29
v3.0.30
v3.0.31
v3.0.32
v3.0.33
v3.0.34
v3.0.35
v3.0.36
v3.0.37
v3.0.38
v3.0.39
v3.0.40
v3.0.41
v3.0.42
v3.0.43
v3.0.44
v3.0.45
v3.0.46
v3.0.47
v3.0.48
v3.0.49
v3.0.50
v3.0.51
v3.0.52
v3.0.53
v3.0.54
v3.0.55
v3.0.56
v3.0.57
v3.0.58
v3.0.59
v3.0.60
v3.0.61
v3.0.62
v3.0.63
v3.0.64
v3.0.65
v3.0.66
v3.0.67
v3.0.68
v3.0.69
v3.0.70
v3.0.71
v3.0.72
v3.0.73
v3.0.74
v3.0.75
v3.0.76
v3.0.77
v3.0.78
v3.0.79
v3.0.80
v3.0.81
v3.0.82
v3.0.83
v3.0.84
v3.0.85
v3.0.86
v3.0.87
v3.0.88
v3.0.89
v3.0.90
v3.0.91
v3.0.92
v3.0.93
v3.0.94
v3.0.95
v3.0.96
v3.0.97
v3.0.98
v3.0.99
v3.0.100
v3.0.101
v3.0.102
v3.0.103
v3.1.0-alpha1
v3.1.0-alpha2
v3.1.0-alpha3
v3.1.0-alpha4
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.15
v3.1.16
v3.1.17
v3.1.18
v3.1.19
v3.1.20
v3.1.21
v3.1.22
v3.1.23
v3.1.24
v3.1.25
v3.1.26
v3.1.27
v3.1.28
v3.1.29
v3.1.30
v3.1.31
v3.1.32
v3.1.33
v3.1.34
v3.1.35
v3.1.36
v3.1.37
v3.1.38
v3.1.39
v3.1.40
v3.1.41
v3.1.42
v3.1.43
v3.1.44
v3.1.45
v3.1.46
v3.1.47
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.2.15
v3.2.16
v3.2.17
v3.2.18
v3.2.19
v3.2.20
v3.2.21
v3.2.22
v3.2.23
v3.2.24
v3.2.25-beta1
v3.2.25
v3.2.26
v3.2.27
v3.2.28
v3.2.29
v3.2.30
v3.2.31
v3.2.32
v3.2.33
v3.2.34
v3.2.35
v3.2.36
v3.2.37
v3.2.38
v3.2.39
v3.2.40
v3.2.41
v3.2.42
v3.2.43
v3.2.44
v3.2.45
v3.2.46
v3.2.47
v3.2.48
v3.2.49
v3.2.50
v3.2.51
v3.2.52
v3.2.53
v3.2.54
v3.2.55
v3.2.56
v3.2.57
v3.2.58
v3.2.59
v3.2.60
v3.2.61
v3.2.62
v3.2.63
v3.2.64
v3.2.65
v3.2.66
v3.2.67
v3.2.68
v3.2.69
v3.2.70
v3.2.71
v3.2.72
v3.2.73
v3.2.74
v3.2.75
v3.2.76
v3.2.77
v3.2.78
v3.2.79
v3.2.80
v3.2.81
v3.2.82
v3.2.83
v3.2.84
v3.2.85
v3.2.86
v3.2.87-beta1
v3.2.87
v3.2.88
v3.2.89
v3.2.90
v3.2.91
v3.2.92
v3.2.93
v3.2.94
v3.2.95
v3.2.96
v3.2.97
v3.2.98
v3.2.99
v3.2.100
v3.2.101
v3.2.102
v3.2.103
v3.2.104
v3.2.105
v3.2.106
v3.2.107
v3.2.108
v3.2.109
v3.2.110
v3.2.111
v3.2.112
v3.2.113
v3.2.114
v3.2.115
v3.2.116
v3.2.117
v3.2.118
v3.2.119
v3.2.120
v3.2.121
v3.2.122
v3.2.123
v3.2.124
v3.2.125
v3.2.126
v3.2.127
v3.2.128
v3.2.129
v3.2.130
v3.2.131
v3.2.132
v3.2.133
v3.2.134
v3.2.135
v3.2.136
v3.2.137
v3.2.138
v3.2.139
v3.2.140
v3.2.141
v3.2.142
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.18
v3.3.19
v3.3.20
v3.3.21
v3.3.22
v3.3.23
v3.3.24
v3.3.25
v3.3.26
v3.3.27
v3.3.28
v3.3.29
v3.3.30
v3.3.31
v3.3.32
v3.3.33
v3.3.34
v3.3.35
v3.3.36
v3.3.37
v3.3.38
v3.3.39
v3.3.40
v3.3.41
v3.3.42
v3.3.43
v3.3.45
v3.3.46
v3.3.47
v3.3.48
v3.3.49
v3.3.50
v3.3.51

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-44wp-g8f4-f4v5/GHSA-44wp-g8f4-f4v5.json"
last_known_affected_version_range
"<= 3.3.51"
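
To check a project against the affected ranges listed above, the following added example (not part of the advisory or of Filament's own code) reads a `composer.lock` and reports whether the installed `filament/filament` version falls inside one of them. The function names and the sample lockfile are constructed for illustration; the ranges are the Introduced/Fixed pairs from this advisory.

```python
import json
import re

# Affected ranges copied from this advisory: (introduced, fixed) per release line.
AFFECTED_RANGES = [("3.0.0", "3.3.52"), ("4.0.0", "4.11.5"), ("5.0.0", "5.6.5")]
PACKAGE = "filament/filament"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(-[0-9A-Za-z.]+)?$")


def version_key(version):
    """Return a sortable key, or None for versions that cannot be ordered (dev branches)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # A pre-release such as 3.2.25-beta1 sorts just before its final release.
    return (major, minor, patch, 0 if m.group(4) else 1)


def is_affected(version):
    """True/False for a parseable version, None when it needs manual review."""
    key = version_key(version)
    if key is None:
        return None
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def audit_lock(lock_text):
    """Return (installed_version, verdict) for the package in a composer.lock, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg.get("version", ""), is_affected(pkg.get("version", ""))
    return None


# Constructed composer.lock fragment, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "livewire/livewire", "version": "v3.6.0"},
        {"name": "filament/filament", "version": "v4.11.4"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

A verdict of `None` means the installed version is a branch alias or other string that cannot be ordered, so it has to be compared against the fixed releases by hand.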