Unauthorized Record Restoration Vulnerability in TYPO3 CMS
CVE-2026-47349
5.3MEDIUM
What is CVE-2026-47349?
A vulnerability in TYPO3 CMS allows backend users with access to the Recycler module to restore soft-deleted records on pages or tables that they do not have authorization to modify. This security oversight could potentially lead to unauthorized data exposure or manipulation. Affected versions include earlier iterations of TYPO3 CMS, making it critical for users to review and update to the latest versions to mitigate risks. For more information, you can refer to the TYPO3 security advisory.
Affected Version(s)
TYPO3 CMS 0 < 10.4.57
TYPO3 CMS 11.0.0 < 11.5.51
TYPO3 CMS 12.0.0 < 12.4.46
