Security Advisories
All Advisories
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
It has been discovered that the extension "Content Element Selector" (ceselector) is vulnerable to Remote Code Execution.
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
It has been discovered that the extension "Address List" (tt_address) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2026-011: Multiple vulnerabilities in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is vulnerable to XML External Entity injection, Path Traversal and Information…
TYPO3-EXT-SA-2026-010: SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" (news) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Broken Access Control.
TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)
It has been discovered that the extension "Site Crawler" (crawler) is vulnerable to Remote Code Execution.
TYPO3-CORE-SA-2026-005: Cleartext storage of Backend User Passwords
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-EXT-SA-2026-007: Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)
It has been discovered that the extension "E-Mail MFA Provider" (mfa_email) is vulnerable to Authentication Bypass.
TYPO3-EXT-SA-2026-006: Broken Access Control in extension "Redirect Tab" (redirect_tab)
It has been discovered that the extension "Redirect Tab" (redirect_tab) is vulnerable to Broken Access Control.
TYPO3-EXT-SA-2026-005: Insecure Deserialization in extension "Mailqueue" (mailqueue)
It has been discovered that the extension "Mailqueue" (mailqueue) is vulnerable to insecure deserialization.
TYPO3-EXT-SA-2026-004: Vulnerability in bundled package in extension "Amazon AWS SDK" (aws)
It has been discovered that the extension "Amazon AWS SDK" (aws) bundles a vulnerable version of "aws/aws-sdk-php" which is susceptible to use of a…
TYPO3-EXT-SA-2026-003: Vulnerability in bundled package in extension "Amazon Web Services (AWS) Toolbox" (aws_tools)
It has been discovered that the extension "Amazon Web Services (AWS) Toolbox" (aws_tools) bundles a vulnerable version of "aws/aws-sdk-php" which is…
TYPO3-EXT-SA-2026-002: Vulnerability in bundled package in extension "AWS SDK for PHP" (aws_sdk_php)
It has been discovered that the extension "AWS SDK for PHP" (aws_sdk_php) bundles a vulnerable version of "aws/aws-sdk-php" which is susceptible to…
TYPO3-EXT-SA-2026-001: Insecure Deserialization in extension "Mailqueue" (mailqueue)
It has been discovered that the extension "Mailqueue" (mailqueue) is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2026-004: Insecure Deserialization via Mailer File Spool
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2026-003: Broken Access Control in Recycler Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-002: Broken Access Control in Redirects Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-001: Broken Access Control in Edit Document Controller
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-EXT-SA-2025-016: Vulnerability in bundled package in extension "Single Sign-on with SAML" (md_saml)
It has been discovered that the extension "Single Sign-on with SAML" (md_saml) bundles a vulnerable version of "onelogin/php-saml" which is…
TYPO3-EXT-SA-2025-015: Broken Authentication in extension "Modules" (modules)
It has been discovered that the extension "Modules" (modules) is susceptible to Broken Authentication.