PatchSiren


CVE-2026-47343 TYPO3 CVE debrief

CVE-2026-47343 is a high-severity vulnerability affecting TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2. The issue allows non-privileged backend users with file mount access to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This vulnerability has a CVSS score of 7.2 and is classified as HIGH.

Vendor: TYPO3
Product: TYPO3 CMS
CVSS: HIGH 7.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-09
Advisory published: 2026-06-09
Advisory updated: 2026-06-09

Who should care

Operators of TYPO3 CMS installations, especially those where non-privileged backend users have file mount access, should review this vulnerability and apply the defensive actions listed below.

Technical summary

The vulnerability is caused by missing authorization restrictions for non-privileged backend users with file mount access. This allows them to perform write operations on folders representing the root of an active file mount.

Defensive priority

High

Recommended defensive actions

  • Update TYPO3 CMS to version 10.4.57 or later, 11.5.51 or later, 12.4.46 or later, 13.4.31 or later, or 14.3.3 or later.
  • Restrict file mount access to only privileged users.
  • Monitor and audit backend user activities.
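
To work through the first action across several installations, the following added example (not code from PatchSiren or the TYPO3 project) checks version strings against the fixed releases listed above. The host names and the inventory are constructed, and treating branches older than 10 as affected follows the page's "before 10.4.57" wording.

```python
import re

# First fixed release per major branch, from the version list on this page.
FIXED = {10: (10, 4, 57), 11: (11, 5, 51), 12: (12, 4, 46),
         13: (13, 4, 31), 14: (14, 3, 3)}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch); raise ValueError if it cannot be parsed."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised TYPO3 version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return (status, first_fixed_release_or_None) for one version string."""
    version = parse_version(version_text)
    major = version[0]
    if major > max(FIXED):
        return "not-listed", None          # branch newer than the page covers
    # "Before 10.4.57" also covers branches older than 10; the page names no
    # separate fix for them, so they are compared against 10.4.57.
    fixed = FIXED.get(major, FIXED[10])
    status = "affected" if version < fixed else "fixed"
    return status, ".".join(map(str, fixed))


def needs_upgrade(inventory):
    """Map host -> upgrade target (None if unparsed) for hosts needing attention."""
    findings = {}
    for host, version_text in sorted(inventory.items()):
        try:
            status, fixed = triage(version_text)
        except ValueError:
            findings[host] = None          # review by hand rather than skip
            continue
        if status == "affected":
            findings[host] = fixed
    return findings


# Constructed inventory (hypothetical hosts), not data from the advisory.
SAMPLE = {"cms-a": "12.4.45", "cms-b": "12.4.46", "cms-c": "v11.5.50",
          "cms-d": "9.5.49", "cms-e": "14.3.3", "cms-f": "13.4.x"}

if __name__ == "__main__":
    for host, target in needs_upgrade(SAMPLE).items():
        print(host, "->", f"upgrade to {target} or later" if target else "version unparsed, check by hand")
```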

Evidence notes

The CVE record and NVD detail pages provide evidence of this vulnerability. [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-47343) [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-47343)

Official resources

CVE-2026-47343 was published on 2026-06-09T11:16:52.193Z and modified on 2026-06-09T13:46:50.540Z.