PatchSiren cyber security CVE debrief
CVE-2026-47351 TYPO3 CVE debrief
CVE-2026-47351 is a medium-severity vulnerability in TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2. The issue allows backend users to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, potentially allowing users to gather information about records and files they are not authorized to view. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.3, indicating a medium severity level. The vulnerability is classified under CWE-200 and CWE-862.
- Vendor
- TYPO3
- Product
- TYPO3 CMS
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper read permission checks when inserting arbitrary records and files into the TYPO3 clipboard. This allows backend users to potentially gather information about records and files they are not authorized to view.
Defensive priority
Medium
Recommended defensive actions
- Update TYPO3 CMS to version 10.4.31 or later, 13.4.31 or later, or 14.3.3 or later.
- Review and adjust backend user permissions to ensure proper read access controls are in place.
Evidence notes
The CVE-2026-47351 vulnerability was made public on [cvePublishedAt] and last modified on [cveModifiedAt].
Official resources
-
CVE-2026-47351 CVE record
CVE.org
-
CVE-2026-47351 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
-
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
-
Source reference
f4fb688c-4412-4426-b4b8-421ecf27b14a
CVE-2026-47351 was published on 2026-06-09T11:16:52.993Z and last modified on 2026-06-09T13:46:50.540Z.