SQL Injection Vulnerability in TYPO3 CMS by Vendor TYPO3
CVE-2026-11607
7.6 HIGH
What is CVE-2026-11607?
A vulnerability in TYPO3 CMS allows backend users to employ files with incorrect extensions as form definitions. This weakness can be exploited by attackers to execute arbitrary SQL commands, which may lead to unauthorized privilege escalation. Attackers can create new administrative accounts, significantly compromising the integrity of the TYPO3 CMS. This impacts a range of TYPO3 versions, underscoring the need for timely updates and enhanced security measures.
Affected Version(s)
TYPO3 CMS: from 0, before 10.4.57
TYPO3 CMS: from 11.0.0, before 11.5.51
TYPO3 CMS: from 12.0.0, before 12.4.46
