CVE Patch Review

CVE-2026-48167: Root-Cause Fix for Filament Image src Attribute Injection

CVE-2026-48167 · GHSA-3FC8-8HP6-6JR4 · Updated 2026-06-24 · Root-cause

Summary

The patch addresses stored XSS in Filament image rendering by HTML-escaping attacker-controlled values before they are inserted into the img src attribute in both ImageEntry and ImageColumn. The change directly targets the injection point and is backed by regression tests covering quote escaping, which is the primitive needed to break out of the attribute context.

Analysis

Vulnerability

GHSA-3FC8-8HP6-6JR4, CVE-2026-48167, and the MITRE CVE record describe a stored cross-site scripting issue in Filament v4.x and v5.x. The vulnerable pattern was insertion of database-controlled image URL data into an HTML src attribute without output encoding. Because the sink is an attribute context, an attacker only needs a quote character to terminate the attribute value and append a new event handler or other malicious markup. In the stated threat model, authenticated users with write access to persisted records can plant payloads that execute when an administrator views the affected record.

The commit shows the vulnerable sink in both image-rendering components: packages/infolists/src/Components/ImageEntry.php and packages/tables/src/Columns/ImageColumn.php, where the computed URL was previously assigned directly to the src attribute. That is consistent with attribute injection leading to stored XSS when rendered in an admin panel.

'src' => filled($stateItem) ? ($this->getImageUrl($stateItem) ?? $defaultImageUrl) : $defaultImageUrl,

Given the exploit primitive demonstrated by the added tests using data:image/png,", the root issue is missing HTML escaping at the final render sink, not merely insufficient input validation.

Patch

The official patch in commit e1f36a7316d75476f3301e044cc360d7cb746c56 wraps the computed image URL with Laravel's e() helper before assigning it to the src attribute in both affected components. This converts dangerous characters such as " into HTML entities, preserving the value inside the attribute boundary instead of allowing markup breakout.

'src' => e(filled($stateItem) ? ($this->getImageUrl($stateItem) ?? $defaultImageUrl) : $defaultImageUrl),

The patch also adds regression tests for both code paths:

  • tests/src/Infolists/Components/ImageEntryTest.php
  • tests/src/Tables/Columns/ImageColumnTest.php

Those tests assert that a quote in the stored value is rendered as &quot;, confirming that the dangerous delimiter is escaped in the final HTML output. This is source-grounded evidence that the patch is aimed precisely at the exploit mechanism described in the advisory and CVE references.
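As an added illustration, not Filament's code and not the patch's own tests: a stand-alone PHP script that models the src sink before and after the change, substituting htmlspecialchars() with ENT_QUOTES for Laravel's e() helper, and checks the same property the regression tests assert. The function names, the stored record value and the default URL are constructed for this demo.

```php
<?php
// Added example, not Filament's code: a minimal stand-in for the ImageEntry/ImageColumn
// src sink before and after the patch. Function names, the stored value and the default
// URL are constructed for this demo.
declare(strict_types=1);

// Stand-in for Laravel's e(): htmlspecialchars() with ENT_QUOTES encodes both quote styles,
// so a stored value can never close the src attribute.
function escapeAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pre-patch shape: the resolved URL is written into src verbatim.
function renderImgVulnerable(?string $stateItem, string $defaultImageUrl): string
{
    $src = ($stateItem !== null && $stateItem !== '') ? $stateItem : $defaultImageUrl;
    return '<img src="' . $src . '">';
}

// Post-patch shape: the same resolution, but the value passes through the escaper first.
function renderImgPatched(?string $stateItem, string $defaultImageUrl): string
{
    $src = ($stateItem !== null && $stateItem !== '') ? $stateItem : $defaultImageUrl;
    return '<img src="' . escapeAttr($src) . '">';
}

// Constructed stored value: the data: prefix used by the patch's tests, followed by a quote
// that closes src and a harmless extra attribute that makes the breakout visible.
$stored  = 'data:image/png," data-injected="1';
$default = '/images/placeholder.png';

$before = renderImgVulnerable($stored, $default);
$after  = renderImgPatched($stored, $default);

echo "before: {$before}\n";
echo "after:  {$after}\n";

// Regression-style checks mirroring the added tests: the quote reaches the HTML as &quot;,
// the injected attribute exists only in the unpatched output, and the default path is intact.
$ok = str_contains($after, '&quot;')
    && substr_count($before, ' data-injected="') === 1
    && substr_count($after, ' data-injected="') === 0
    && renderImgPatched(null, $default) === '<img src="/images/placeholder.png">';
if (! $ok) {
    throw new RuntimeException('src escaping regression');
}
```

Run with `php example.php`; the unpatched line shows a second attribute on the img tag, the patched line keeps the whole value inside src.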

Review

Pros

  • The fix is applied at the output sink, which is the correct trust boundary for preventing attribute-context XSS.
  • Both affected rendering paths are patched: ImageEntry and ImageColumn.
  • The change is minimal and low-risk: it preserves existing URL resolution logic while adding encoding only at render time.
  • Regression tests explicitly cover quote escaping, which is the key character needed to break out of the src attribute.
  • The patch aligns with the vulnerability description in the GitHub advisory and NVD.

Cons

  • The tests shown validate escaping of double quotes specifically; they do not demonstrate broader coverage for other attribute-breaking characters such as single quotes, angle brackets, or malformed protocol strings.
  • The patch addresses HTML attribute injection, but it does not by itself enforce URL scheme restrictions. If downstream security policy requires allowlisting of image schemes or hosts, that remains a separate hardening concern.
  • The provided snippets do not show whether other image-like components or custom renderers in the codebase use the same sink pattern; similar call sites would need separate review.

Verdict

Root-cause.

This patch fixes the actual vulnerability mechanism by escaping untrusted data at the point where it enters an HTML attribute context. Because the exploit depends on breaking out of src with a quote, converting that delimiter to &quot; neutralizes the stored XSS vector in the affected components. The added tests are appropriately targeted and demonstrate the intended security property. Based on the supplied diff and references, this is a correct and durable remediation for the reported issue, not a superficial filter or input-side workaround.

Sources