CVE-2026-47343

Source
https://cve.org/CVERecord?id=CVE-2026-47343
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47343.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47343
Aliases
Published
2026-06-09T10:49:07.575Z
Modified
2026-07-08T08:13:38.965314949Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
TYPO3 CMS - Destructive Actions on File Mount Folders
Details

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "10.4.57"
                },
                {
                    "introduced": "11.0.0"
                },
                {
                    "fixed": "11.5.51"
                },
                {
                    "introduced": "12.0.0"
                },
                {
                    "fixed": "12.4.46"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47343.json",
    "cna_assigner": "TYPO3",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.4.31"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.3.3"
        }
    ]
}

Affected versions

v13.*
v13.0.0
v13.1.0
v13.2.0
v13.2.1
v13.3.0
v13.4.0
v13.4.1
v13.4.10
v13.4.11
v13.4.12
v13.4.13
v13.4.14
v13.4.15
v13.4.16
v13.4.17
v13.4.18
v13.4.19
v13.4.2
v13.4.20
v13.4.21
v13.4.22
v13.4.23
v13.4.24
v13.4.25
v13.4.26
v13.4.27
v13.4.28
v13.4.29
v13.4.3
v13.4.30
v13.4.4
v13.4.5
v13.4.6
v13.4.7
v13.4.8
v13.4.9
v14.*
v14.0.0
v14.1.0
v14.2.0
v14.3.0
v14.3.1
v14.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47343.json"