Security Advisories
All Advisories
TYPO3-CORE-SA-2026-019: Broken Access Control in Form Framework
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-018: Insecure Deserialization in Core API
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-017: Privilege Escalation & SQL Injection in Form Framework
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-016: Broken Access Control in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-015: Broken Access Control in Backend API
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-014: Broken Access Control in Clipboard
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-013: Broken Access Control in Media Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-012: Broken Access Control in DataHandler
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-011: Broken Access Control in Recycler
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2026-009: Open Redirect in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to open redirect.
TYPO3-CORE-SA-2026-008: Broken Access Control in Form Framework
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-007: Broken Access Control in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-006: By-passing Cross-Site Scripting Protection in HTML Sanitizer
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
It has been discovered that the extension "Content Element Selector" (ceselector) is vulnerable to Remote Code Execution.
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
It has been discovered that the extension "Address List" (tt_address) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2026-011: Multiple vulnerabilities in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is vulnerable to XML External Entity injection, Path Traversal and Information…
TYPO3-EXT-SA-2026-010: SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" (news) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Broken Access Control.
TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)
It has been discovered that the extension "Site Crawler" (crawler) is vulnerable to Remote Code Execution.