The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class

Description The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

Deserialization of Untrusted Data

Overview cpsit/typo3-mailqueue is a TYPO3 CMS extension to improve TYPO3's mail spooler with additional components. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code by providing malicious...

CVE-2026-1323

CVE-2026-1323 highlights an insecure deserialization flaw in the TYPO3 mailqueue extension, specifically in the TransportFailure class. An attacker could execute untrusted serialized code, but an active exploit requires write access to the directory configured by $GLOBALS['TYPO3_CONF_VARS']['MAIL...

CVE-2026-1323 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

CVE-2026-1323 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport

Description The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization,...

GHSA-GGFF-9MJ3-7246 mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport

Description The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization,...

CVE-2026-0895 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

CVE-2026-0895

CVE-2026-0895 affects the TYPO3 mailqueue extension. The extension extends TYPO3’s FileSpool component, and the vulnerability is an Insecure Deserialization issue that existed in core TYPO3 prior to TYPO3-CORE-SA-2026-004. The core fix was overwritten by the extension, meaning that even patched T...

CVE-2026-0895 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...