7.2

CVE-2026-47343

TYPO3 CMS - Destructive Actions on File Mount Folders

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTYPO3
Produkt TYPO3 CMS
Default Statusunaffected
Version 0
Version < 10.4.57
Status affected
Version 11.0.0
Version < 11.5.51
Status affected
Version 12.0.0
Version < 12.4.46
Status affected
Version 13.0.0
Version < 13.4.31
Status affected
Version 14.0.0
Version < 14.3.3
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
f4fb688c-4412-4426-b4b8-421ecf27b14a 7.2 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://typo3.org/security/advisory/typo3-core-sa-2026-007
https://github.com/TYPO3/typo3/commit/504e72470ff72aaf5d2256878bf473747f389798
https://github.com/TYPO3/typo3/commit/ac4125aef8b9b94528a7f74db2444db57b05a87b