CVE-2026-1323

EPSS 0.22%
Veröffentlicht 17.03.2026 08:33:05
Zuletzt bearbeitet 25.04.2026 18:37:35
Quelle f4fb688c-4412-4426-b4b8-421ecf
CVE-Watchlists
Login
Unerledigt
Login

Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cps-it ≫ Mailqueue SwPlatformtypo3 Version < 0.4.5

Cps-it ≫ Mailqueue SwPlatformtypo3 Version >= 0.5.0 < 0.5.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.117

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
f4fb688c-4412-4426-b4b8-421ecf27b14a	5.2	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://typo3.org/security/advisory/typo3-ext-sa-2026-005

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1323

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1323

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1323

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1323