PatchSiren cyber security CVE debrief
CVE-2026-47349 TYPO3 CVE debrief
CVE-2026-47349 is a vulnerability in TYPO3 CMS that allows backend users with access to the Recycler module to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31, and 14.0.0-14.3.3.
- Vendor
- TYPO3
- Product
- TYPO3 CMS
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of TYPO3 CMS, particularly those with backend user access to the Recycler module, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. It was published on [cvePublishedAt] and modified on [cveModifiedAt].
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to a patched version of TYPO3 CMS (10.4.57, 11.5.51, 12.4.46, 13.4.31, or 14.3.3 or later).
- Restrict access to the Recycler module for backend users who do not need it.
Evidence notes
The CVE record and NVD detail can be found at [resourceLinkAnnotations:cve-org] and [resourceLinkAnnotations:nvd], respectively. Additional information is available at [resourceLinkAnnotations:ref-4], [resourceLinkAnnotations:ref-5], and [resourceLinkAnnotations:ref-6].
Official resources
-
CVE-2026-47349 CVE record
CVE.org
-
CVE-2026-47349 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
-
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
-
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
CVE-2026-47349 was published on 2026-06-09T11:16:52.720Z and modified on 2026-06-09T13:46:50.540Z.