CVE-2026-48166 · MEDIUM · CVSS 5.3

Filament: Timing-based user enumeration on login page

Published Jun 23, 2026 · Updated Jun 23, 2026

Description

The login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether an account exists for a given email.

Affected Packages (1)

filament/filament (Composer)
From 4.0.0
Fixed in 4.11.4

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
