{
  "vulnerability": "cve-2026-4734",
  "sightings": [
    {
      "uuid": "ca569b1e-24d3-4879-9134-b2b9a8dfd0f4",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385",
      "vulnerability": "CVE-2026-4734",
      "type": "seen",
      "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4734",
      "content": "",
      "creation_timestamp": "2026-03-24T03:17:25.000000Z"
    },
    {
      "uuid": "7a1ef1c6-f255-4a5e-99cf-889730a7f32a",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-4734",
      "type": "seen",
      "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhrydpuo642f",
      "content": "",
      "creation_timestamp": "2026-03-24T06:51:07.535032Z"
    },
    {
      "uuid": "1d98ee9f-b76a-4926-ba58-39faab362c09",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47348",
      "type": "seen",
      "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n",
      "content": "\ud83d\udd17 CVE : CVE-2026-11607, CVE-2026-47348, CVE-2026-47349, CVE-2026-47350, CVE-2026-47351, CVE-2026-47352, CVE-2026-49738, CVE-2026-49740, CVE-2026-49741, CVE-2026-49742",
      "creation_timestamp": "2026-06-10T13:15:34.522420Z"
    },
    {
      "uuid": "f0dcc0dc-9040-485b-9bd2-adb2abaa3cab",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47342",
      "type": "seen",
      "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mnxb5o5xhv22",
      "content": "CVE-2026-47342: Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass",
      "creation_timestamp": "2026-06-10T17:43:16.620111Z"
    },
    {
      "uuid": "1cb0a531-b24d-4a25-88c7-ce02a04517f2",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47345",
      "type": "seen",
      "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnsl3enfz62j",
      "content": "CVE-2026-47345 - TYPO3 HTML Sanitizer allows Cross-Site Scripting\nCVE ID : CVE-2026-47345\n \n Published : June 8, 2026, 8:17 p.m. | 17\u00a0minutes ago\n \n Description : Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scr...",
      "creation_timestamp": "2026-06-08T20:57:38.157588Z"
    },
    {
      "uuid": "43909b62-321a-4b2d-bd14-0afc5b1ab699",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47344",
      "type": "seen",
      "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnslwat77o2j",
      "content": "CVE-2026-47344 - TYPO3 HTML Sanitizer allows Cross-Site Scripting\nCVE ID : CVE-2026-47344\n \n Published : June 8, 2026, 8:17 p.m. | 17\u00a0minutes ago\n \n Description : When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., ) are not recognized by the saniti...",
      "creation_timestamp": "2026-06-08T21:13:20.200370Z"
    },
    {
      "uuid": "97ddc251-3cef-4b2f-bea6-8d76b4a4e214",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47349",
      "type": "seen",
      "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6y5lau2n",
      "content": "\ud83d\udd17 CVE : CVE-2026-11607, CVE-2026-47348, CVE-2026-47349, CVE-2026-47350, CVE-2026-47351, CVE-2026-47352, CVE-2026-49738, CVE-2026-49740, CVE-2026-49741, CVE-2026-49742",
      "creation_timestamp": "2026-06-10T13:15:34.713479Z"
    },
    {
      "uuid": "57442b49-3baa-4430-badf-468679d7b46d",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385",
      "vulnerability": "CVE-2026-47343",
      "type": "seen",
      "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms",
      "content": "",
      "creation_timestamp": "2026-06-10T03:07:26.000000Z"
    },
    {
      "uuid": "ed7243b0-5f61-4987-816b-367b44b4d499",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385",
      "vulnerability": "CVE-2026-47346",
      "type": "seen",
      "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-typo3-cms",
      "content": "",
      "creation_timestamp": "2026-06-10T03:07:26.000000Z"
    },
    {
      "uuid": "c3f5b888-f4d4-4629-9b5a-bc0b0ea16fea",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47340",
      "type": "seen",
      "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mohcfge3hx2k",
      "content": "CVE-2026-47340: Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.",
      "creation_timestamp": "2026-06-17T02:48:06.972895Z"
    },
    {
      "uuid": "04462cc9-9a93-4b4b-920b-1fbafd744d09",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47342",
      "type": "seen",
      "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mny3lqxsss2l",
      "content": "CVE-2026-47342 - Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass\nCVE ID : CVE-2026-47342\n \n Published : June 10, 2026, 11:16 p.m. | 2\u00a0hours, 1\u00a0minute ago\n \n Description : A privilege escalation vulnerability in Apache OFBiz allows a low-privileged au...",
      "creation_timestamp": "2026-06-11T01:36:26.376571Z"
    },
    {
      "uuid": "1ebf9cae-b7cf-4446-a3a3-6573705a24b1",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47349",
      "type": "seen",
      "source": "https://gist.github.com/alon710/14055f1ad000f884f10427da3c71afd9",
      "content": "# CVE-2026-47349: CVE-2026-47349: Missing Authorization in TYPO3 CMS DataHandler Record Restoration\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-12\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47349\n\n## Summary\nAn authenticated backend user with access to the Recycler module in TYPO3 CMS can bypass write restrictions and restore soft-deleted records on pages or database tables they are not authorized to modify. This vulnerability resides in the core DataHandler class due to missing permission checks during 'undelete' operations.\n\n## TL;DR\nUnprivileged TYPO3 backend users can exploit the Recycler module to restore and modify unauthorized database records across page boundaries.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-862: Missing Authorization\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00414 (32.77th percentile)\n- **Impact**: Privilege Escalation / Unauthorized Write Access\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS 10.0.0 to 10.4.56\n- TYPO3 CMS 11.0.0 to 11.5.50\n- TYPO3 CMS 12.0.0 to 12.4.45\n- TYPO3 CMS 13.0.0 to 13.4.30\n- TYPO3 CMS 14.0.0 to 14.3.2\n- **TYPO3 CMS**: &gt;= 10.0.0 &lt; 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: &gt;= 11.0.0 &lt; 11.5.51 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: &gt;= 12.0.0 &lt; 12.4.46 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: &gt;= 13.0.0 &lt; 13.4.31 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: &gt;= 14.0.0 &lt; 14.3.3 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade TYPO3 CMS to a patched version (10.4.57, 11.5.51, 12.4.46, 13.4.31, 14.3.3 or higher).\n- Remove access to the Recycler module (ext:recycler) for non-administrative backend user groups.\n- Implement database logging audits to monitor for unauthorized database restoration commands.\n\n**Remediation Steps:**\n1. Identify the current active TYPO3 branch (10, 11, 12, 13, or 14).\n2. Apply the corresponding security update using Composer or the official source archives.\n3. Verify user group permissions to ensure low-privileged editors only possess access to designated database tables and pages.\n4. Review the TYPO3 System Log database table (sys_log) for occurrences of USER_ERROR entries regarding undelete record attempts.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-011](https://typo3.org/security/advisory/typo3-core-sa-2026-011)\n- [CVE Registry Record](https://www.cve.org/CVERecord?id=CVE-2026-47349)\n- [CWE-862 Weakness Definition](https://cwe.mitre.org/data/definitions/862.html)\n- [TYPO3 Core 13.4 Security Fix](https://github.com/TYPO3/typo3/commit/92f08d8944f1aeccf506fcd323c260448c64d7c8)\n- [TYPO3 Core Main Branch Security Fix](https://github.com/TYPO3/typo3/commit/9f17a307cf774d63ab8291fc97c6b55653b4265a)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47349) - Automated Vulnerability Intelligence*",
      "creation_timestamp": "2026-06-15T14:41:47.000000Z"
    },
    {
      "uuid": "b4ff61a7-11ad-4bad-95fb-b61120217230",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47349",
      "type": "seen",
      "source": "https://gist.github.com/alon710/a08953cadcdf16e9be0dd04a2434d31a",
      "content": "# CVE-2026-47349: CVE-2026-47349: Missing Authorization in TYPO3 CMS DataHandler Record Restoration\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-12\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47349\n\n## Summary\nAn authenticated backend user with access to the Recycler module in TYPO3 CMS can bypass write restrictions and restore soft-deleted records on pages or database tables they are not authorized to modify. This vulnerability resides in the core DataHandler class due to missing permission checks during 'undelete' operations.\n\n## TL;DR\nUnprivileged TYPO3 backend users can exploit the Recycler module to restore and modify unauthorized database records across page boundaries.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-862: Missing Authorization\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00414 (32.77th percentile)\n- **Impact**: Privilege Escalation / Unauthorized Write Access\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS 10.0.0 to 10.4.56\n- TYPO3 CMS 11.0.0 to 11.5.50\n- TYPO3 CMS 12.0.0 to 12.4.45\n- TYPO3 CMS 13.0.0 to 13.4.30\n- TYPO3 CMS 14.0.0 to 14.3.2\n- **TYPO3 CMS**: &gt;= 10.0.0 &lt; 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: &gt;= 11.0.0 &lt; 11.5.51 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: &gt;= 12.0.0 &lt; 12.4.46 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: &gt;= 13.0.0 &lt; 13.4.31 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: &gt;= 14.0.0 &lt; 14.3.3 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade TYPO3 CMS to a patched version (10.4.57, 11.5.51, 12.4.46, 13.4.31, 14.3.3 or higher).\n- Remove access to the Recycler module (ext:recycler) for non-administrative backend user groups.\n- Implement database logging audits to monitor for unauthorized database restoration commands.\n\n**Remediation Steps:**\n1. Identify the current active TYPO3 branch (10, 11, 12, 13, or 14).\n2. Apply the corresponding security update using Composer or the official source archives.\n3. Verify user group permissions to ensure low-privileged editors only possess access to designated database tables and pages.\n4. Review the TYPO3 System Log database table (sys_log) for occurrences of USER_ERROR entries regarding undelete record attempts.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-011](https://typo3.org/security/advisory/typo3-core-sa-2026-011)\n- [CVE Registry Record](https://www.cve.org/CVERecord?id=CVE-2026-47349)\n- [CWE-862 Weakness Definition](https://cwe.mitre.org/data/definitions/862.html)\n- [TYPO3 Core 13.4 Security Fix](https://github.com/TYPO3/typo3/commit/92f08d8944f1aeccf506fcd323c260448c64d7c8)\n- [TYPO3 Core Main Branch Security Fix](https://github.com/TYPO3/typo3/commit/9f17a307cf774d63ab8291fc97c6b55653b4265a)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47349) - Automated Vulnerability Intelligence*",
      "creation_timestamp": "2026-06-15T14:51:47.000000Z"
    },
    {
      "uuid": "b65b1f3e-cc18-4f61-b351-482af7570996",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47347",
      "type": "seen",
      "source": "https://gist.github.com/alon710/45b8c4a23a1b5a0fbe2279df9a787a90",
      "content": "# CVE-2026-47347: CVE-2026-47347: Open Redirect Vulnerability in TYPO3 CMS GeneralUtility::sanitizeLocalUrl\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-12\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47347\n\n## Summary\nCVE-2026-47347 is an open redirect vulnerability affecting multiple TYPO3 CMS versions. The issue resides in GeneralUtility::sanitizeLocalUrl, where an insufficient blocklist validation implementation fails to prevent browsers from normalizing malformed relative paths into external protocol-relative redirections. Attackers can exploit this to conduct phishing, session hijacking, or credential harvesting campaigns.\n\n## TL;DR\nA flaw in TYPO3's GeneralUtility::sanitizeLocalUrl allows attackers to bypass local URL verification. By passing URLs with backslashes, attackers trigger modern browser normalizations, redirecting users to external malicious domains.\n\n## Technical Details\n\n- **CWE ID**: CWE-601\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00484\n- **Exploit Status**: None (No Public Exploit)\n- **CISA KEV Status**: Not Listed\n- **Impact**: Subsequent System Integrity (SI:L)\n\n## Affected Systems\n\n- TYPO3 CMS Core\n- **TYPO3 CMS**: &lt; 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: 11.0.0 - 11.5.50 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: 12.0.0 - 12.4.45 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: 13.0.0 - 13.4.30 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: 14.0.0 - 14.3.2 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade to a patched version of TYPO3 CMS Core.\n- Implement Web Application Firewall (WAF) filtering to identify and block invalid characters (such as backslashes) in redirect-associated parameter keys.\n\n**Remediation Steps:**\n1. Verify the current version of the TYPO3 CMS installation.\n2. Obtain the appropriate security update based on the current branch (e.g., 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS).\n3. Apply the security update and clear TYPO3 system caches.\n4. Configure WAF rules to drop traffic containing double-backslashes or non-standard control characters in query strings targeting redirection modules.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-009](https://typo3.org/security/advisory/typo3-core-sa-2026-009)\n- [CVE-2026-47347 Record](https://www.cve.org/CVERecord?id=CVE-2026-47347)\n- [TYPO3 Core Commit 22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd](https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd)\n- [TYPO3 Core Commit 3ffc0835012c6199db0e1dc4b56a77147d8600e0](https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0)\n- [CWE-601 Definition](https://cwe.mitre.org/data/definitions/601.html)\n- [TYPO3 Security Guide](https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html#security)\n- [TYPO3 Announce Mailing List](http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce)\n- [TYPO3 Review System Log](https://review.typo3.org/#/q/status:merged+project:Packages/TYPO3.CMS+topic:security,n,z)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47347) - Automated Vulnerability Intelligence*",
      "creation_timestamp": "2026-06-15T15:11:46.000000Z"
    },
    {
      "uuid": "29709c43-0bd0-4670-b76b-fa5b7515109d",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47347",
      "type": "seen",
      "source": "https://gist.github.com/alon710/cac399543a2b7d81a55d66704f7b735e",
      "content": "# CVE-2026-47347: CVE-2026-47347: Open Redirect Vulnerability in TYPO3 CMS GeneralUtility::sanitizeLocalUrl\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-12\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47347\n\n## Summary\nCVE-2026-47347 is an open redirect vulnerability affecting multiple TYPO3 CMS versions. The issue resides in GeneralUtility::sanitizeLocalUrl, where an insufficient blocklist validation implementation fails to prevent browsers from normalizing malformed relative paths into external protocol-relative redirections. Attackers can exploit this to conduct phishing, session hijacking, or credential harvesting campaigns.\n\n## TL;DR\nA flaw in TYPO3's GeneralUtility::sanitizeLocalUrl allows attackers to bypass local URL verification. By passing URLs with backslashes, attackers trigger modern browser normalizations, redirecting users to external malicious domains.\n\n## Technical Details\n\n- **CWE ID**: CWE-601\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00484\n- **Exploit Status**: None (No Public Exploit)\n- **CISA KEV Status**: Not Listed\n- **Impact**: Subsequent System Integrity (SI:L)\n\n## Affected Systems\n\n- TYPO3 CMS Core\n- **TYPO3 CMS**: &lt; 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: 11.0.0 - 11.5.50 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: 12.0.0 - 12.4.45 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: 13.0.0 - 13.4.30 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: 14.0.0 - 14.3.2 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade to a patched version of TYPO3 CMS Core.\n- Implement Web Application Firewall (WAF) filtering to identify and block invalid characters (such as backslashes) in redirect-associated parameter keys.\n\n**Remediation Steps:**\n1. Verify the current version of the TYPO3 CMS installation.\n2. Obtain the appropriate security update based on the current branch (e.g., 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS).\n3. Apply the security update and clear TYPO3 system caches.\n4. Configure WAF rules to drop traffic containing double-backslashes or non-standard control characters in query strings targeting redirection modules.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-009](https://typo3.org/security/advisory/typo3-core-sa-2026-009)\n- [CVE-2026-47347 Record](https://www.cve.org/CVERecord?id=CVE-2026-47347)\n- [TYPO3 Core Commit 22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd](https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd)\n- [TYPO3 Core Commit 3ffc0835012c6199db0e1dc4b56a77147d8600e0](https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0)\n- [CWE-601 Definition](https://cwe.mitre.org/data/definitions/601.html)\n- [TYPO3 Security Guide](https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html#security)\n- [TYPO3 Announce Mailing List](http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce)\n- [TYPO3 Review System Log](https://review.typo3.org/#/q/status:merged+project:Packages/TYPO3.CMS+topic:security,n,z)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47347) - Automated Vulnerability Intelligence*",
      "creation_timestamp": "2026-06-15T15:21:23.000000Z"
    },
    {
      "uuid": "6dcd3965-0b44-4e34-93d8-d98a7977ceca",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47349",
      "type": "seen",
      "source": "https://gist.github.com/alon710/e90462c6d1e4f356cd2d8abf8f54484f",
      "content": "# CVE-2026-47349: CVE-2026-47349: Missing Authorization in TYPO3 CMS DataHandler Record Restoration\n\n&gt; **CVSS Score:** 5.3\n&gt; **Published:** 2026-06-12\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-47349\n\n## Summary\nAn authenticated backend user with access to the Recycler module in TYPO3 CMS can bypass write restrictions and restore soft-deleted records on pages or database tables they are not authorized to modify. This vulnerability resides in the core DataHandler class due to missing permission checks during 'undelete' operations.\n\n## TL;DR\nUnprivileged TYPO3 backend users can exploit the Recycler module to restore and modify unauthorized database records across page boundaries.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-862: Missing Authorization\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00414 (32.77th percentile)\n- **Impact**: Privilege Escalation / Unauthorized Write Access\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- TYPO3 CMS 10.0.0 to 10.4.56\n- TYPO3 CMS 11.0.0 to 11.5.50\n- TYPO3 CMS 12.0.0 to 12.4.45\n- TYPO3 CMS 13.0.0 to 13.4.30\n- TYPO3 CMS 14.0.0 to 14.3.2\n- **TYPO3 CMS**: &gt;= 10.0.0 &lt; 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: &gt;= 11.0.0 &lt; 11.5.51 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: &gt;= 12.0.0 &lt; 12.4.46 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: &gt;= 13.0.0 &lt; 13.4.31 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: &gt;= 14.0.0 &lt; 14.3.3 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade TYPO3 CMS to a patched version (10.4.57, 11.5.51, 12.4.46, 13.4.31, 14.3.3 or higher).\n- Remove access to the Recycler module (ext:recycler) for non-administrative backend user groups.\n- Implement database logging audits to monitor for unauthorized database restoration commands.\n\n**Remediation Steps:**\n1. Identify the current active TYPO3 branch (10, 11, 12, 13, or 14).\n2. Apply the corresponding security update using Composer or the official source archives.\n3. Verify user group permissions to ensure low-privileged editors only possess access to designated database tables and pages.\n4. Review the TYPO3 System Log database table (sys_log) for occurrences of USER_ERROR entries regarding undelete record attempts.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-011](https://typo3.org/security/advisory/typo3-core-sa-2026-011)\n- [CVE Registry Record](https://www.cve.org/CVERecord?id=CVE-2026-47349)\n- [CWE-862 Weakness Definition](https://cwe.mitre.org/data/definitions/862.html)\n- [TYPO3 Core 13.4 Security Fix](https://github.com/TYPO3/typo3/commit/92f08d8944f1aeccf506fcd323c260448c64d7c8)\n- [TYPO3 Core Main Branch Security Fix](https://github.com/TYPO3/typo3/commit/9f17a307cf774d63ab8291fc97c6b55653b4265a)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47349) - Automated Vulnerability Intelligence*",
      "creation_timestamp": "2026-06-16T00:11:50.000000Z"
    },
    {
      "uuid": "b4fa1eb3-0520-42ed-942e-39d3a2647b1d",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-47341",
      "type": "seen",
      "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3monp5jz3us2y",
      "content": "CVE-2026-47341: Apache APISIX: Session replay issue in hmac-auth",
      "creation_timestamp": "2026-06-19T15:52:18.658712Z"
    }
  ]
}