MEDIUM 5.3

GHSA-5w46-g9pq-wh6f

Filament: Timing-based user enumeration on login page

상세

The login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether an account exists for a given email.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Packagist / filament/filament

최초 영향 버전: 4.0.0 수정 버전: 4.11.5

수정 composer require filament/filament:^4.11.5

Packagist / filament/filament

최초 영향 버전: 5.0.0 수정 버전: 5.6.5

수정 composer require filament/filament:^5.6.5

참고

https://github.com/filamentphp/filament/security/advisories/GHSA-5w46-g9pq-wh6f [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2026-48166 [ADVISORY]
https://github.com/filamentphp/filament [PACKAGE]