CVE-2026-46723

🗓️ 19 May 2026 09:23:32Reported by TYPO3Type

CVE-2026-46723: Faceted Search allows arbitrary tables via additional_tables, enabling copy of sensitive TYPO3 data.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-46723	19 May 202609:23	–	attackerkb
CNNVD	TYPO3 Extension Faceted Search 安全漏洞	19 May 202600:00	–	cnnvd
Cvelist	CVE-2026-46723 Information Disclosure in extension "Faceted Search" (ke_search)	19 May 202609:23	–	cvelist
EUVD	EUVD-2026-30863	19 May 202609:23	–	euvd
Friends Of PHP	TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)	18 May 202614:30	–	friendsofphp
NVD	CVE-2026-46723	19 May 202610:16	–	nvd
Positive Technologies	PT-2026-41863	19 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-46723	5 Jun 202619:29	–	redhatcve
Snyk	XML External Entity (XXE) Injection	24 May 202620:47	–	snyk
Vulnrichment	CVE-2026-46723 Information Disclosure in extension "Faceted Search" (ke_search)	19 May 202609:23	–	vulnrichment

[
  {
    "vendor": "TYPO3",
    "product": "Extension \"Faceted Search\"",
    "collectionURL": "https://packagist.org/",
    "packageName": "tpwd/ke_search",
    "repo": "https://github.com/tpwd/ke_search",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0",
        "lessThan": "7.0.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThan": "6.6.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.6.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
typo3	www.typo3.org/security/advisory/typo3-ext-sa-2026-011

19 May 2026 14:47Current

5.9Medium risk

Vulners AI Score5.9

CVSS 45.9

EPSS0.00051

SSVC

CWE-668