TYPO3 is vulnerable to Broken Access Control. The vulnerability is due to backend users with limited access to specific languages being able to modify and create pages in the default language, which should be disallowed. A valid backend user account is required to exploit this vulnerability.