Open Redirect Vulnerability in TYPO3 CMS by TYPO3
CVE-2026-47347

5.3MEDIUM

Key Information:

Vendor

Typo3

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-47347?

TYPO3 CMS is susceptible to open redirect vulnerabilities due to improper handling of URL sanitization. Applications employing GeneralUtility::sanitizeLocalUrl may allow attackers to trick users into visiting external websites, potentially leading to phishing outcomes. This security flaw affects multiple versions of TYPO3 CMS and could be exploited if the sanitized URLs are misused, putting users at risk.

Affected Version(s)

TYPO3 CMS 0 < 10.4.57

TYPO3 CMS 11.0.0 < 11.5.51

TYPO3 CMS 12.0.0 < 12.4.46

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alexandre Romao
Benjamin Franzke
.