CVE-2026-0859

Source
https://nvd.nist.gov/vuln/detail/CVE-2026-0859
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0859.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-0859
Aliases
Published
2026-01-13T12:15:50.383Z
Modified
2026-01-16T06:52:37.167789Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A deserialization flaw in TYPO3's mail file spool lets local users with write access to the spool directory craft a malicious file that is deserialized when the mailer:spool:send command runs, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

References

Affected packages

Git

github.com/benjaminkott/bootstrap_package

Affected ranges

Type
GIT
Repo
https://github.com/benjaminkott/bootstrap_package
Events

Affected versions

14.*

14.0.0
14.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0859.json"

github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

6.*

6.2.0
6.2.1
6.2.2
6.2.3

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.6.2

8.*

8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0

Other

TYPO3_6-1-0rc1
TYPO3_6-2-0
TYPO3_6-2-0alpha1
TYPO3_6-2-0alpha2
TYPO3_6-2-0alpha3
TYPO3_6-2-0beta1
TYPO3_6-2-0beta2
TYPO3_6-2-0beta3
TYPO3_6-2-0beta4
TYPO3_6-2-0beta5
TYPO3_6-2-0beta6
TYPO3_6-2-0beta7
TYPO3_6-2-0rc1
TYPO3_6-2-0rc2
TYPO3_6-2-1
TYPO3_6-2-2
TYPO3_6-2-3
TYPO3_7-0-0
TYPO3_7-1-0
TYPO3_7-2-0
TYPO3_7-3-0
TYPO3_7-4-0
TYPO3_7-5-0
TYPO3_7-6-0
TYPO3_7-6-1
TYPO3_7-6-2
TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-2-0
TYPO3_8-3-0
TYPO3_8-4-0
TYPO3_8-5-0
TYPO3_8-6-0
TYPO3_8-7-0

v10.*

v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3

v11.*

v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.2
v11.5.3

v12.*

v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.10
v12.4.11
v12.4.12
v12.4.13
v12.4.14
v12.4.15
v12.4.16
v12.4.17
v12.4.18
v12.4.19
v12.4.2
v12.4.20
v12.4.21
v12.4.22
v12.4.23
v12.4.24
v12.4.25
v12.4.26
v12.4.27
v12.4.28
v12.4.29
v12.4.3
v12.4.30
v12.4.31
v12.4.32
v12.4.33
v12.4.34
v12.4.35
v12.4.36
v12.4.37
v12.4.38
v12.4.39
v12.4.4
v12.4.40
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.4.9

v13.*

v13.0.0
v13.1.0
v13.2.0
v13.2.1
v13.3.0
v13.4.0
v13.4.1
v13.4.10
v13.4.11
v13.4.12
v13.4.13
v13.4.14
v13.4.15
v13.4.16
v13.4.17
v13.4.18
v13.4.19
v13.4.2
v13.4.20
v13.4.21
v13.4.22
v13.4.3
v13.4.4
v13.4.5
v13.4.6
v13.4.7
v13.4.8
v13.4.9

v14.*

v14.0.0

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
v9.5.1
v9.5.2
v9.5.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0859.json"

github.com/typo3/typo3.cms

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events

Affected versions

v12.*

v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.10
v12.4.11
v12.4.12
v12.4.13
v12.4.14
v12.4.15
v12.4.16
v12.4.17
v12.4.18
v12.4.19
v12.4.2
v12.4.20
v12.4.21
v12.4.22
v12.4.23
v12.4.24
v12.4.25
v12.4.26
v12.4.27
v12.4.28
v12.4.29
v12.4.3
v12.4.30
v12.4.31
v12.4.32
v12.4.33
v12.4.34
v12.4.35
v12.4.36
v12.4.37
v12.4.38
v12.4.39
v12.4.4
v12.4.40
v12.4.5
v12.4.6
v12.4.7
v12.4.8
v12.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0859.json"