CVE-2026-47343

HIGH SEVERITY

Vulnerability Description

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Vulnerability Details

Published Date

June 09, 2026

Last Modified

June 12, 2026

CWE ID

CWE-862

Source

NVD

Vendor

TYPO3

Product

TYPO3 CMS

External References

https://github.com/TYPO3/typo3/commit/504e72470ff72aaf5d2256878bf473747f389798
https://github.com/TYPO3/typo3/commit/ac4125aef8b9b94528a7f74db2444db57b05a87b
https://typo3.org/security/advisory/typo3-core-sa-2026-007

CVE-2026-47343

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment