CVE-2026-47343 HIGH

CVE-2026-47343: TYPO3 CMS - Destructive Actions on File Mount Folders

Vendor Typo3

Product TYPO3 CMS

Weakness CWE-862 · Missing authorization

Published June 9, 2026

Last update June 9, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Key dates

Disclosure timeline

June 9, 2026 CVE published

June 9, 2026 Record updated

Identifiers

CVE CVE-2026-47343

CWE CWE-862

CVSS 7.2 / HIGH

Affected versions

Vendor Typo3

Product TYPO3 CMS

Affected < 10.4.57

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 11.0.0 and < 11.5.51

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 12.0.0 and < 12.4.46

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 13.0.0 and < 13.4.31

Vendor Typo3

Product TYPO3 CMS

Affected ≥ 14.0.0 and < 14.3.3