7.2
CVE-2026-47343
- EPSS 0.24%
- Veröffentlicht 09.06.2026 10:49:07
- Zuletzt bearbeitet 09.06.2026 13:46:50
- Quelle f4fb688c-4412-4426-b4b8-421ecf
- CVE-Watchlists
- Unerledigt
TYPO3 CMS - Destructive Actions on File Mount Folders
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTYPO3
≫
Produkt
TYPO3 CMS
Default Statusunaffected
Version
0
Version <
10.4.57
Status
affected
Version
11.0.0
Version <
11.5.51
Status
affected
Version
12.0.0
Version <
12.4.46
Status
affected
Version
13.0.0
Version <
13.4.31
Status
affected
Version
14.0.0
Version <
14.3.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.146 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f4fb688c-4412-4426-b4b8-421ecf27b14a | 7.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://typo3.org/security/advisory/typo3-core-sa-2026-007
https://github.com/TYPO3/typo3/commit/504e72470ff72aaf5d2256878bf473747f389798
https://github.com/TYPO3/typo3/commit/ac4125aef8b9b94528a7f74db2444db57b05a87b