PT-2026-47743 · Typo3 · Typo3/Cms
Hyunseo Shin
+1
·
Published
2026-06-09
·
Updated
2026-06-09
·
CVE-2026-47350
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 CMS versions 13.0.0 through 13.4.31
TYPO3 CMS versions 14.0.0 through 14.3.3
Description
Backend users can move records to a different page even if they lack the necessary edit permissions on the source page.
Recommendations
Update TYPO3 CMS versions 13.0.0 through 13.4.31 to a version later than 13.4.31.
Update TYPO3 CMS versions 14.0.0 through 14.3.3 to a version later than 14.3.3.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3/Cms