CVE-2026-47349
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31, and 14.0.0-14.3.3.
Risk Assessment
The ability to restore data by unauthorized users may lead to data integrity violations and unauthorized access to sensitive information.
Recommendation
It is recommended to update TYPO3 CMS to the latest version to eliminate this vulnerability and restrict access to the Recycler module only to authorized users.
Original NVD description (English source)
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3.

