PT-2026-25877 · Typo3 · Typo3

Elias Häußler · Published 2026-03-17 · Updated 2026-03-18 · CVE-2026-1323

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
TYPO3 (affected versions not specified)

Description
The extension does not correctly define allowed classes when deserializing transport failure metadata. This can be exploited by an attacker to execute untrusted serialized code. An active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
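
The weakness class named in the description, as an added PHP example that is not the extension's code and not part of the advisory: a reader that calls unserialize() without a class allow-list, next to one that restricts allowed_classes and type-checks the result. FailureMetadata, UnexpectedClass and both reader functions are hypothetical names, and the serialized inputs are constructed.

```php
<?php
// Hypothetical value object standing in for the metadata a spool reader expects.
final class FailureMetadata
{
    public function __construct(public string $recipient = '', public string $reason = '') {}
}

// Hypothetical unrelated class that is loadable in the same process.
final class UnexpectedClass
{
    public static bool $woken = false;
    public function __wakeup(): void { self::$woken = true; }
}

// Weak form: any loadable class named in the payload is instantiated.
function readMetadataUnrestricted(string $blob): mixed
{
    return unserialize($blob);
}

// Hardened form: only the expected class may be instantiated, and the result is type-checked.
function readMetadataRestricted(string $blob): FailureMetadata
{
    $value = unserialize($blob, ['allowed_classes' => [FailureMetadata::class]]);
    if (!$value instanceof FailureMetadata) {
        throw new UnexpectedValueException('Spool metadata is not a FailureMetadata object');
    }
    return $value;
}

// Constructed sample inputs: one of the expected class, one of a foreign class.
$expected = serialize(new FailureMetadata('user@example.org', 'connection timed out'));
$foreign  = serialize(new UnexpectedClass());

// The expected class passes the restricted reader.
var_dump(readMetadataRestricted($expected) instanceof FailureMetadata);

// Unrestricted: the foreign object is rebuilt and its __wakeup() runs.
readMetadataUnrestricted($foreign);
var_dump(UnexpectedClass::$woken);

// Restricted: the foreign object becomes __PHP_Incomplete_Class, so no magic method runs.
UnexpectedClass::$woken = false;
try {
    readMetadataRestricted($foreign);
} catch (UnexpectedValueException $e) {
    echo $e->getMessage(), PHP_EOL;
}
var_dump(UnexpectedClass::$woken);
```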

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2026-1323
GHSA-2PM6-9FHX-VVG3

Affected Products

Typo3