GHSA-F34X-RX2W-7PM3 TYPO3 CMS has Broken Access Control in the Recycler Module

🗓️ 12 Jun 2026 20:08:04Reported by GoogleType

osv🔗 osv.dev👁 2 Views

Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, ...

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2026-47349	10 Jun 202613:15	–	circl
CVE	CVE-2026-47349	9 Jun 202610:51	–	cve
Cvelist	CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler	9 Jun 202610:51	–	cvelist
EUVD	EUVD-2026-35396	12 Jun 202620:08	–	euvd
Friends Of PHP	TYPO3-CORE-SA-2026-011: Broken Access Control in Recycler	9 Jun 202608:58	–	friendsofphp
Github Security Blog	TYPO3 CMS has Broken Access Control in the Recycler Module	12 Jun 202620:08	–	github
NVD	CVE-2026-47349	9 Jun 202611:16	–	nvd
Positive Technologies	PT-2026-47742	9 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-47349	10 Jun 202615:00	–	redhatcve
Vulnrichment	CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler	9 Jun 202610:51	–	vulnrichment

Source	Link
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-f34x-rx2w-7pm3
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-47349
github	www.github.com/TYPO3/typo3/commit/92f08d8944f1aeccf506fcd323c260448c64d7c8
github	www.github.com/TYPO3/typo3/commit/9f17a307cf774d63ab8291fc97c6b55653b4265a
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2026-47349.yaml
github	www.github.com/TYPO3/typo3
typo3	www.typo3.org/security/advisory/typo3-core-sa-2026-011

12 Jun 2026 20:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS 45.3

EPSS0.00036