Unauthorized File Operations Vulnerability in TYPO3 CMS
CVE-2026-47343

7.2HIGH

Key Information:

Vendor

Typo3

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-47343?

This vulnerability allows non-privileged backend users with file mount access to execute write operations—including moving, deleting, or renaming folders—without appropriate authorization. The issue stems from inadequate access restrictions on folders that represent the root of an active file mount, potentially leading to unauthorized data manipulation and loss. It specifically affects multiple versions of TYPO3 CMS, necessitating prompt action to secure the system.

Affected Version(s)

TYPO3 CMS 0 < 10.4.57

TYPO3 CMS 11.0.0 < 11.5.51

TYPO3 CMS 12.0.0 < 12.4.46

References

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arne Uplegger
Elias Häußler
.