CVE-2026-47351

Source
https://cve.org/CVERecord?id=CVE-2026-47351
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47351.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47351
Aliases
Published
2026-06-09T10:52:38.150Z
Modified
2026-07-08T08:05:18.218846861Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
TYPO3 CMS - Broken Access Control in Clipboard
Details

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47351.json",
    "cna_assigner": "TYPO3",
    "cwe_ids": [
        "CWE-200",
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "10.4.0"
        },
        {
            "fixed": "13.4.31"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.3.3"
        }
    ]
}

Affected versions

v10.*
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.2
v11.5.3
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v13.*
v13.0.0
v13.1.0
v13.2.0
v13.2.1
v13.3.0
v13.4.0
v13.4.1
v13.4.10
v13.4.11
v13.4.12
v13.4.13
v13.4.14
v13.4.15
v13.4.16
v13.4.17
v13.4.18
v13.4.19
v13.4.2
v13.4.20
v13.4.21
v13.4.22
v13.4.23
v13.4.24
v13.4.25
v13.4.26
v13.4.27
v13.4.28
v13.4.29
v13.4.3
v13.4.30
v13.4.4
v13.4.5
v13.4.6
v13.4.7
v13.4.8
v13.4.9
v14.*
v14.0.0
v14.1.0
v14.2.0
v14.3.0
v14.3.1
v14.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47351.json"