{"uuid": "d8ae139d-5d6d-4622-8ff0-0308b52fc539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11607", "type": "seen", "source": "https://gist.github.com/alon710/c8f91d1124f67f3a6eb4c0158e814d5f", "content": "# CVE-2026-11607: Broken Access Control in TYPO3 CMS Form Framework\n\n> **CVSS Score:** 7.6\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-11607\n\n## Summary\nCVE-2026-11607 is a critical broken access control vulnerability in TYPO3 CMS's Form Framework (ext:form). Authenticated backend users with access to the Form Framework can load unauthorized YAML configurations, bypassing file extension restrictions. This allows the execution of arbitrary SQL commands via the SaveToDatabase finisher, leading to privilege escalation to administrator level.\n\n## TL;DR\nAuthenticated backend users can bypass file extension restrictions to load malicious YAML configurations, executing arbitrary database commands and gaining full administrator privileges.\n\n## Technical Details\n\n- **CWE ID**: CWE-862\n- **Attack Vector**: Network\n- **CVSS v4.0**: 7.6\n- **EPSS Score**: 0.00414 (0.41%)\n- **Impact**: Privilege Escalation / Database Compromise\n- **Exploit Status**: None\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS\n\n## Mitigation\n\n- Restrict access to the Form Framework backend module\n- Audit the fileadmin storage for unauthorized YAML files containing database finishers\n- Upgrade TYPO3 CMS to patched versions\n\n**Remediation Steps:**\n1. Verify existing user privileges and restrict form creation rights\n2. Scan files for 'SaveToDatabase' or 'DatabaseWriteFinisher' elements in unexpected file paths\n3. Apply TYPO3 core updates immediately according to the advisory release guidelines\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-019](https://typo3.org/security/advisory/typo3-core-sa-2026-019)\n- [TYPO3 Git Commit 040d50](https://github.com/TYPO3/typo3/commit/040d50d082a01f9e8bd113effd91290a9bb3b69e)\n- [TYPO3 Git Commit 50974c](https://github.com/TYPO3/typo3/commit/50974c658f647f1aece347b5d6d5acc3c87f2dca)\n- [CVE Record CVE-2026-11607](https://www.cve.org/CVERecord?id=CVE-2026-11607)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-11607) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T14:11:12.000000Z"}