Professional Content Management

Free and open source, TYPO3 CMS is the most widely used enterprise-level CMS.

Test TYPO3 now:

TYPO3 live demo

Inspire people to share

Offer your skills and contribute to the project. The community is growing and does more than just coding. 

A Community Effort

TYPO3 CMS is an Open Source project managed by the TYPO3 Association.

The Project

Do you have a question?

Ask the community or a professional partner.

Double bug bounties for vulnerabilities in TYPO3 CMS until the end of 2024

Categories: Community, TYPO3 CMS Created by Torben Hansen and Oliver Hader
The TYPO3 Security Team is doubling bug bounties for all verified vulnerabilities in TYPO3 CMS until December 31, 2024. This special campaign offers an opportunity for security researchers and ethical hackers to contribute to TYPO3’s security with enhanced rewards in recognition of their efforts.

Cybersecurity Awareness Month is an annual event held every October to raise awareness about the importance of cybersecurity. It was first declared in 2004 in response to the growing need for awareness of cybersecurity risks as digital technology became increasingly integrated into everyday life.

The TYPO3 Security Team is dedicated to maintaining a secure and reliable content management system for our community. We recognize the important role that security researchers play in helping us identify vulnerabilities in TYPO3 CMS before they can be exploited. Therefore, we actively invite security researchers, ethical hackers, and developers to engage with us in making TYPO3 CMS safer for everyone.

To further emphasize our commitment to security and to build on the awareness Cybersecurity Month generated, we are excited to announce a Holidays 2024 themed campaign in which we will double all bug bounties for issues reported affecting TYPO3 CMS. The campaign runs until the end of the holiday season, on 31 December 2024. This is our way of saying thank you to the security community for their continued support and dedication to making the internet a safer place.

The updated rewards for issues in TYPO3 CMS are as following:

  • Critical (CVSS ≥ 9.0): Up to 1,200 EUR
  • High (CVSS ≥ 7.0): Up to 600 EUR
  • Medium (CVSS ≥ 4.0): Up to 300 EUR
  • Low (CVSS < 4.0): Up to 100 EUR

To qualify for these rewards, reported issues must align with the qualifying criteria outlined on our bug bounty program page and must be confirmed by the TYPO3 Security Team until 31 December 2024.

Please note that the increased bounties apply exclusively to vulnerabilities found in TYPO3 CMS itself. They do not extend to 3rd party extensions or infrastructure-related issues.

Latest news

Show more