371 matches found
CVE-2026-15305
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...
CVE-2026-15305 TYPO3 CMS - Unrestricted File Upload in Form Framework
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...
CVE-2026-15305 TYPO3 CMS - Unrestricted File Upload in Form Framework
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties...
EUVD-2026-35391
TYPO3 CMS has Broken Access Control in its Form Framework...
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization in the processing of form definition files by the Form Framework. An attacker can gain administrative privileges by uploading and using maliciously crafted files...
TYPO3 CMS: Destructive Actions on File Mount Folders
Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...
EUVD-2026-35402
TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework...
EUVD-2026-35393
TYPO3 CMS has Broken Access Control in its Form Framework...
TYPO3 CMS has Broken Access Control in its Form Framework
Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...
Missing Authorization
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted files that execute...
Deserialization of Untrusted Data
Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sysregistry...
GHSA-Q93M-25XV-94HH TYPO3 CMS: Broken Access Control in Media Module
Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...
CVE-2026-47348
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...
CVE-2026-11607
Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
CVE-2026-47343
Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...
CVE-2026-49741
Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...
CVE-2026-47343
creationtimestamp| type| source ---|---|--- 2026-06-10 03:07:26+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms...
CVE-2026-49742
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...