CVE-2026-1323 Insecure Deserialization in extension "Mailqueue" (mailqueue)

🗓️ 17 Mar 2026 08:33:05Reported by TYPO3Type

Mailqueue extension deserialization flaw enables code execution; spool write access required.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-1323	17 Mar 202608:33	–	attackerkb
CNNVD	TYPO3 Mailqueue 安全漏洞	17 Mar 202600:00	–	cnnvd
CVE	CVE-2026-1323	17 Mar 202608:33	–	cve
EUVD	EUVD-2026-12548	18 Mar 202616:17	–	euvd
Github Security Blog	The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class	18 Mar 202616:17	–	github
NVD	CVE-2026-1323	17 Mar 202609:16	–	nvd
OSV	GHSA-2PM6-9FHX-VVG3 The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class	18 Mar 202616:17	–	osv
Positive Technologies	PT-2026-25877	17 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1323	26 Mar 202615:10	–	redhatcve
Snyk	Deserialization of Untrusted Data	17 Mar 202610:51	–	snyk

[
  {
    "vendor": "TYPO3",
    "product": "Extension \"Mailqueue\"",
    "collectionURL": "https://packagist.org/",
    "packageName": "cpsit/typo3-mailqueue",
    "repo": "https://github.com/CPS-IT/mailqueue",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "0.4.5",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "0.5.0",
        "lessThan": "0.5.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
typo3	www.typo3.org/security/advisory/typo3-ext-sa-2026-005

17 Mar 2026 08:33Current

CVSS 45.2

EPSS0.00135

CWE-502