PatchSiren cyber security CVE debrief

CVE-2026-47347 TYPO3 CVE debrief

A medium-severity open redirect vulnerability, CVE-2026-47347, was found in TYPO3 CMS. The vulnerability occurs when applications use GeneralUtility::sanitizeLocalUrl to allow only local URLs, making them vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. The vulnerability affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2.

Vendor: TYPO3
Product: TYPO3 CMS
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-09
Original CVE updated: 2026-06-09
Advisory published: 2026-06-09
Advisory updated: 2026-06-09

Who should care

Administrators and users of TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2 should apply the necessary patches to prevent exploitation.

Technical summary

The vulnerability has a CVSS score of 5.3 and is classified as CWE-601. It allows attackers to redirect users to external content, potentially leading to phishing attacks.

Defensive priority

Medium

Recommended defensive actions

Apply patches for TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2.
Use secure URL sanitization practices.

Evidence notes

The CVE record and NVD detail can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-47347) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-47347), respectively.

Official resources

CVE-2026-47347 CVE record
CVE.org
CVE-2026-47347 NVD detail
NVD
Source item URL
nvd_modified
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a

CVE-2026-47347 was published on 2026-06-09T11:16:52.457Z and modified on 2026-06-09T13:46:50.540Z.