Arbitrary File Insertion Vulnerability in TYPO3 CMS
CVE-2026-47351

5.3MEDIUM

Key Information:

Vendor

Typo3

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-47351?

A vulnerability in TYPO3 CMS enables backend users to insert arbitrary records and files into the system's clipboard without sufficient permission checks. This flaw can be exploited by unauthorized users to access sensitive data about records and files they typically should not be able to view, leading to potential information disclosure risks. The affected versions include TYPO3 CMS versions 10.4.0 through 13.4.30 and 14.0.0 through 14.3.2. Organizations must address this issue promptly to safeguard their data and maintain system integrity.

Affected Version(s)

TYPO3 CMS 10.4.0 < 13.4.31

TYPO3 CMS 14.0.0 < 14.3.3

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vincent Yang
Elias Häußler
.