4 matches found
CVE-2026-8727
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...
CVE-2026-8727
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...
CVE-2026-8727
The CVE-2026-8727 affects the TYPO3 Crawler extension (Site Crawler). The root cause is that the Crawler extension forwards the X-T3Crawler-Meta response header directly to PHP’s unserialize(), allowing an attacker-controlled crawled endpoint to inject arbitrary serialized PHP objects, leading to...
PT-2026-41867
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...