CVE-2026-47351
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, allowing them to gather information about records and files they were not authorized to view.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive data, potentially leading to breaches of privacy and information security.
Recommendation
It is recommended to update TYPO3 to the latest version to mitigate this vulnerability and implement proper permission checks for backend users.
Original NVD description (English source)
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.

