File Download Vulnerability in TYPO3 CMS Affecting Multiple Versions
CVE-2026-49742
7.1 HIGH
What is CVE-2026-49742?
A security vulnerability in TYPO3 CMS allows backend users with file download permissions to access sensitive files stored in the fallback storage of the file abstraction layer through the Media Module. The fallback storage's reliance on paths relative to the server's document root poses a significant risk, as it could lead to the exposure of sensitive information, including log files. This issue is present in several versions of TYPO3 CMS, making it crucial for users to assess their systems and apply necessary patches.
Affected Version(s)
TYPO3 CMS 11.0.0 < 11.5.51
TYPO3 CMS 12.0.0 < 12.4.46
TYPO3 CMS 13.0.0 < 13.4.31
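
The following check is an added example, not code from the advisory or the TYPO3 project. It compares an installed core version against the ranges listed above, reading each range as "first affected version < first fixed version". It assumes a Composer-based installation whose composer.lock names the core package typo3/cms-core; the lock fragment in the code is a constructed sample.

```python
import json
import re

# Ranges as listed on this page: (first affected, first fixed) per major branch.
AFFECTED = {
    11: ((11, 0, 0), (11, 5, 51)),
    12: ((12, 0, 0), (12, 4, 46)),
    13: ((13, 0, 0), (13, 4, 31)),
}

def parse_version(text):
    """Turn '12.4.20' or 'v12.4.20' into (12, 4, 20); None for anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", (text or "").strip())
    return tuple(int(p) for p in m.groups()) if m else None

def assess(version_text):
    """Return (status, detail); status is 'affected', 'not-listed' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        # Dev branches such as 'dev-main' cannot be compared; flag for manual review.
        return "unknown", f"cannot parse {version_text!r}; check manually"
    branch = AFFECTED.get(version[0])
    if branch and branch[0] <= version < branch[1]:
        fixed = ".".join(map(str, branch[1]))
        return "affected", f"upgrade to {fixed} or later"
    # Not a statement that the version is safe, only that the page does not list it.
    return "not-listed", "outside the ranges listed for this CVE"

def core_version_from_lock(lock_text):
    """Find the typo3/cms-core version string in composer.lock content."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []):
        if pkg.get("name") == "typo3/cms-core":
            return pkg.get("version")
    return None

# Constructed sample: a minimal composer.lock fragment, not taken from a real site.
SAMPLE_LOCK = '{"packages": [{"name": "typo3/cms-core", "version": "v12.4.20"}]}'

if __name__ == "__main__":
    found = core_version_from_lock(SAMPLE_LOCK)
    print(found, *assess(found))
    for candidate in ("11.5.51", "13.4.30", "dev-main"):
        print(candidate, *assess(candidate))
```

A "not-listed" result only means the version falls outside the ranges this page gives; it says nothing about branches the page does not mention.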
