CVE Catalog

CVE-2026-47351

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile - higher than 11% of all known CVEs

Summary

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, allowing them to gather information about records and files they were not authorized to view.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data, potentially leading to breaches of privacy and information security.

Recommendation

It is recommended to update TYPO3 to the latest version to mitigate this vulnerability and implement proper permission checks for backend users.

Original NVD description (English source)

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS