PT-2026-3545 · Typo3 · Typo3 Filespool Extension+1
Elias Häußler
·
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-0895
CVSS v4.0
5.2
Medium
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TYPO3 FileSpool Extension (affected versions not specified)
Description
The FileSpool extension for TYPO3 contains a flaw related to Insecure Deserialization. The extension’s code, derived from the TYPO3 core, reintroduces a previously addressed issue, even when the core TYPO3 system is updated. This occurs because the extension incorporates the vulnerable code that was originally fixed in the TYPO3 core. The issue is linked to the TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3
Typo3 Filespool Extension