PT-2026-26189 · Filament · Filament

Danharrin · Published 2026-03-18 · Updated 2026-03-22 · CVE-2026-33080

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Filament versions 4.0.0 through 4.8.4
Filament versions 5.0.0 through 5.3.4

Description

Filament is a collection of full-stack components for accelerated Laravel development. The Table summarizers (Range, Values) render raw database values without escaping HTML. If data validation is lacking in columns utilizing these summarizers, an attacker could inject malicious HTML or JavaScript, leading to stored cross-site scripting (XSS) that executes for users viewing the table. The vulnerable components are the Range and Values summarizers.

Recommendations

Filament versions 4.0.0 through 4.8.4 should be updated to version 4.8.5 or later.
Filament versions 5.0.0 through 5.3.4 should be updated to version 5.3.5 or later.
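
To check a project against the affected ranges listed above, the following added example (not part of the advisory or of Filament's own code) reads a composer.lock and reports whether the installed version needs the update. The Composer package names `filament/filament` and `filament/tables` are assumptions, and the sample lock file is constructed.

```python
import json
import re

# Affected ranges and fixed versions, taken from the advisory text above.
AFFECTED = [
    ((4, 0, 0), (4, 8, 4), "4.8.5"),
    ((5, 0, 0), (5, 3, 4), "5.3.5"),
]
# Assumption: Composer package names to inspect (not stated on the page).
PACKAGES = {"filament/filament", "filament/tables"}

def parse_version(text):
    """Return (major, minor, patch) for 'v4.8.4' / '4.8.4', or None for
    branch aliases such as 'dev-main' that cannot be compared."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def check_lock(lock_text):
    """Return (package, version, verdict) for each Filament entry in composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name, raw = pkg.get("name"), pkg.get("version", "")
        if name not in PACKAGES:
            continue
        ver = parse_version(raw)
        if ver is None:
            findings.append((name, raw, "unknown: review manually"))
            continue
        verdict = "not affected"
        for low, high, fixed in AFFECTED:
            if low <= ver <= high:
                verdict = f"affected: update to {fixed} or later"
        findings.append((name, raw, verdict))
    return findings

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "filament/filament", "version": "v4.8.4"},
        {"name": "filament/tables", "version": "v5.3.5"},
        {"name": "laravel/framework", "version": "v12.0.0"},
    ],
    "packages-dev": [{"name": "filament/tables", "version": "dev-main"}],
})

if __name__ == "__main__":
    for name, version, verdict in check_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {verdict}")
```

Pre-release suffixes are ignored when comparing, so a tag such as `5.0.0-beta1` is reported as affected and should be reviewed by hand.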

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2026-33080
GHSA-VV3X-J2X5-36JC

Affected Products

Filament