5.3
CVE-2026-47351
- EPSS 0.24%
- Veröffentlicht 09.06.2026 10:52:38
- Zuletzt bearbeitet 09.06.2026 13:46:50
- Quelle f4fb688c-4412-4426-b4b8-421ecf
- CVE-Watchlists
- Unerledigt
TYPO3 CMS - Broken Access Control in Clipboard
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTYPO3
≫
Produkt
TYPO3 CMS
Default Statusunaffected
Version
10.4.0
Version <
13.4.31
Status
affected
Version
14.0.0
Version <
14.3.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.145 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f4fb688c-4412-4426-b4b8-421ecf27b14a | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://typo3.org/security/advisory/typo3-core-sa-2026-014
https://github.com/TYPO3/typo3/commit/932fbb9fcea25094e8bcc0f0ec5aab56b1d92451
https://github.com/TYPO3/typo3/commit/2740707563343d78184c0b7c6303a7484553d7f3