Unauthorized Record Movement in TYPO3 CMS by TYPO3 Association
CVE-2026-47350

5.3MEDIUM

Key Information:

Vendor

Typo3

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-47350?

A security issue in TYPO3 CMS allows backend users to transfer records to different pages without having the necessary edit permissions on the original source page. This vulnerability affects multiple versions of TYPO3 CMS, specifically versions from 13.0.0 up to 14.3.3. Ensuring proper access control is critical to prevent unauthorized manipulation of content within the CMS.

Affected Version(s)

TYPO3 CMS 13.0.0 < 13.4.31

TYPO3 CMS 14.0.0 < 14.3.3

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hyunseo Shin
Torben Hansen
.