CVE-2026-33080
Last modified
CVE-2026-33080 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range, Values) that render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with those summarizers. This issue has been patched in versions 4.8.5 and 5.3.5.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Filamentphp | Filament | >= 4.0.0, < 4.8.5 |
| Filamentphp | Filament | >= 5.0.0, < 5.3.5 |
References
- https://github.com/filamentphp/filament/releases/tag/v4.8.5Product, Release Notes
- https://github.com/filamentphp/filament/releases/tag/v5.3.5Product, Release Notes
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-33080?
How severe is CVE-2026-33080?
How do I fix CVE-2026-33080?
Are you affected by CVE-2026-33080?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST