CVE-2026-47343

216.73.216.226

· Published 09/06/2026 11:16 · Modified 09/06/2026 13:46

Labels: CVE-2026-47343 2026-06-09 CVE-2026-47343 CWE-862 f4fb688c-4412-4426-b4b8-421ecf27b14a

Essential information

Published: 09/06/2026 11:16
Modified: 09/06/2026 13:46
Author: —
Creator: —
CVSS: 7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
NVD: View on NVD

Affected products (CPE)

Product	CPE
typo3 / typo3 cms	`cpe:2.3:a:typo3:typo3_cms::::::::`
typo3 / typo3 cms	`cpe:2.3:a:typo3:typo3_cms:<10.4.57:::::::*`
typo3 / typo3 cms	`cpe:2.3:a:typo3:typo3_cms:11.0.0-11.5.50:::::::*`
typo3 / typo3 cms	`cpe:2.3:a:typo3:typo3_cms:12.0.0-12.4.45:::::::*`
typo3 / typo3 cms	`cpe:2.3:a:typo3:typo3_cms:13.0.0-13.4.30:::::::*`
typo3 / typo3 cms	`cpe:2.3:a:typo3:typo3_cms:14.0.0-14.3.2:::::::*`