CVE-2026-47351

Summary

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.

Affected Software

VendorProductVersion RangeStatus
TYPO3TYPO3 CMS10.4.0 < 13.4.31affected
TYPO3TYPO3 CMS14.0.0 < 14.3.3affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References