CVE Catalog

CVE-2026-47347

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

Applications using GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks.

Risk Assessment

Organizations may be exposed to phishing attacks that could lead to user data theft and loss of trust in the application. Exploitation of this vulnerability can result in serious financial and reputational consequences.

Recommendation

It is recommended to update TYPO3 CMS to versions 10.4.57, 11.5.50, 12.4.45, 13.4.30, or 14.3.2 to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify and remediate other potential vulnerabilities.

Original NVD description (English source)

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS