Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Network-reachable login endpoint, no auth or interaction needed; impact limited to low integrity (temp file writes) and low availability (disk exhaustion); no confidentiality loss.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, some schemas, such as the panel login form, do not require file uploads, and exposing unauthenticated temporary file uploads on these components is not an acceptable risk. On these components, an unauthenticated attacker could upload arbitrary files to the application's temporary storage, which could be abused to exhaust disk space or inflate storage costs. This vulnerability is fixed in 3.3.52, 4.11.5, and 5.6.5.
AnalysisAI
Unauthenticated arbitrary file upload in Filament (Laravel component framework) versions 3.0.0 through 3.3.51, 4.x through 4.11.4, and 5.x through 5.6.4 allows remote attackers without any credentials to write files to the application's temporary storage. Filament indiscriminately applies Livewire's WithFileUploads trait to every Livewire component embedding a schema - including the panel login form, which has no legitimate file upload need - exposing the upload endpoint publicly. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The Filament panel must be accessible over the network without authentication - the standard deployment topology for a Filament login page. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L yields a base score of 6.5, accurately reflecting a low-complexity, network-accessible, unauthenticated attack with limited impact: no confidentiality breach, low integrity impact (arbitrary writes to temp storage), and low availability impact (disk exhaustion). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker scripting repeated multipart POST requests to the Filament panel's login endpoint (or any other publicly accessible schema endpoint) can write arbitrarily large files into the application's configured temporary storage directory. By automating this at volume, the attacker can exhaust available disk space on the server, causing application outages, or accumulate significant charges on cloud object storage bills. … |
| Remediation | Upgrade to Filament 3.3.52, 4.11.5, or 5.6.5 immediately, as all three release lines have vendor-released patches available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Recovery code reuse in Filament (Laravel admin panel framework) versions 4.0.0 through 4.11.4 and 5.0.0 through 5.6.4 al
Stored cross-site scripting in Filament's ImageColumn and ImageEntry components allows low-privileged authenticated atta
Filament is a collection of full-stack components for Laravel development. Rated medium severity (CVSS 6.1), this vulner
Filament's login page leaks account existence through a measurable timing side-channel, allowing unauthenticated remote
Same weakness CWE-862 – Missing Authorization
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38394
GHSA-44wp-g8f4-f4v5