3 matches found
CVE-2026-48067 Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields
Filament is a collection of full-stack components for accelerated Laravel development. From filament/actions 4.0.0 until 4.11.4 and 5.6.4 and from filament/tables 3.0.0 until 3.3.51, the recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachActio...
GHSA-7Q3W-XQJW-G3CR Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
The recordSelectOptionsQuery method may be used to scope the options available in the Select field for AttachAction and AssociateAction. However, the built-in validation rule for these fields did not apply the same scope. As a result, a user who can trigger these actions could tamper with the...