mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport

Description The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization,...

EUVD-2026-3591

mailqueue TYPO3 extension affected by Insecure Deserialization...

CVE-2026-0895

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

Deserialization of Untrusted Data

Overview cpsit/typo3-mailqueue is a TYPO3 CMS extension to improve TYPO3's mail spooler with additional components. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FileSpool component. An attacker can execute arbitrary code by providing crafted...

CVE-2026-0895 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

CVE-2026-0895

CVE-2026-0895 affects the TYPO3 mailqueue extension. The extension extends TYPO3’s FileSpool component, and the vulnerability is an Insecure Deserialization issue that existed in core TYPO3 prior to TYPO3-CORE-SA-2026-004. The core fix was overwritten by the extension, meaning that even patched T...

CVE-2026-0895

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

CVE-2026-0895 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

PT-2026-3545

Name of the Vulnerable Software and Affected Versions TYPO3 FileSpool Extension affected versions not specified Description The FileSpool extension for TYPO3 contains a flaw related to Insecure Deserialization. The extension’s code, derived from the TYPO3 core, reintroduces a previously addressed...

EUVD-2026-2014

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...