PT-2026-3545 · Typo3 · Typo3 Filespool Extension+1
Elias Häußler
·
Publicado
2026-01-20
·
Atualizado
2026-01-21
·
CVE-2026-0895
CVSS v4.0
5.2
Média
| Vetor | AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TYPO3 FileSpool Extension (affected versions not specified)
Description
The FileSpool extension for TYPO3 contains a flaw related to Insecure Deserialization. The extension’s code, derived from the TYPO3 core, reintroduces a previously addressed issue, even when the core TYPO3 system is updated. This occurs because the extension incorporates the vulnerable code that was originally fixed in the TYPO3 core. The issue is linked to the TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Typo3
Typo3 Filespool Extension