PT-2026-26189 · Filament · Filament

Danharrin · Published 2026-03-18 · Updated 2026-03-22 · CVE-2026-33080

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Filament versions 4.0.0 through 4.8.4
Filament versions 5.0.0 through 5.3.4

Description

Filament is a collection of full-stack components for accelerated Laravel development. The Table summarizers (Range, Values) render raw database values without escaping HTML. If data validation is lacking in columns utilizing these summarizers, an attacker could inject malicious HTML or JavaScript, leading to stored cross-site scripting (XSS) that executes for users viewing the table. The vulnerable components are the Range and Values summarizers.

Recommendations

Filament versions 4.0.0 through 4.8.4 should be updated to version 4.8.5 or later.
Filament versions 5.0.0 through 5.3.4 should be updated to version 5.3.5 or later.
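To check a project against the affected ranges above, the following added example (not part of the advisory or of Filament) scans a `composer.lock` for installed Filament versions. The Composer package names `filament/filament` and `filament/tables` are assumptions about how Filament is installed, and the lock content is constructed sample data.

```python
import json

# Affected ranges and fixed releases, taken from the advisory text above.
AFFECTED = [((4, 0, 0), (4, 8, 4), "4.8.5"), ((5, 0, 0), (5, 3, 4), "5.3.5")]
# Assumption: Composer package names to look for; adjust to your project.
PACKAGES = {"filament/filament", "filament/tables"}

# Constructed sample composer.lock content, for illustration only.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "filament/filament", "version": "v4.8.4"},
        {"name": "laravel/framework", "version": "v12.0.0"},
    ],
    "packages-dev": [{"name": "filament/tables", "version": "v5.3.5"}],
})

def parse_version(raw):
    """Turn 'v4.8.4' or '4.8.4' into (4, 8, 4); None for dev/branch versions."""
    core = raw.lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def check_lock(lock_text):
    """Return (package, version, status, fixed_in) for each Filament package."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") not in PACKAGES:
            continue
        raw = pkg.get("version", "")
        ver = parse_version(raw)
        if ver is None:
            # Branch aliases such as dev-main cannot be compared; review by hand.
            findings.append((pkg["name"], raw, "unknown", None))
            continue
        fixed = next((f for lo, hi, f in AFFECTED if lo <= ver <= hi), None)
        status = "affected" if fixed else "not affected"
        findings.append((pkg["name"], raw, status, fixed))
    return findings

if __name__ == "__main__":
    for name, version, status, fixed in check_lock(SAMPLE_LOCK):
        hint = f" (update to {fixed} or later)" if fixed else ""
        print(f"{name} {version}: {status}{hint}")
```

Pre-release tags are compared by their numeric core only, so a result for such a version should be confirmed manually.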

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2026-33080
GHSA-VV3X-J2X5-36JC

Affected products

Filament