CVE-2026-47343
published 2026-06-09CVE-2026-47343: Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active…
PriorityP349high7.2CVSS 4.0
AVNACLATNPRLUINVCLVIHVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.24%
14.7th percentile
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms-core | >= 0 < 10.4.57 | 10.4.57 |
| typo3 | cms-core | >= 11.0.0 < 11.5.51 | 11.5.51 |
| typo3 | cms-core | >= 12.0.0 < 12.4.46 | 12.4.46 |
| typo3 | cms-core | >= 13.0.0 < 13.4.31 | 13.4.31 |
| typo3 | cms-core | >= 14.0.0 < 14.3.3 | 14.3.3 |
| typo3 | typo3_cms | < 10.4.57 | 10.4.57 |
| typo3 | typo3_cms | >= 11.0.0 < 11.5.51 | 11.5.51 |
| typo3 | typo3_cms | >= 12.0.0 < 12.4.46 | 12.4.46 |
| typo3 | typo3_cms | >= 13.0.0 < 13.4.31 | 13.4.31 |
| typo3 | typo3_cms | >= 14.0.0 < 14.3.3 | 14.3.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
TYPO3 CMS up to 14.3.2 Active File authorization (EUVD-2026-35392 / WID-SEC-2026-1835)
vuldb·2026-06-13·CVSS 7.2
CVE-2026-47343 [HIGH] TYPO3 CMS up to 14.3.2 Active File authorization (EUVD-2026-35392 / WID-SEC-2026-1835)
A vulnerability was found in TYPO3 CMS up to 10.4.56/11.5.50/12.4.45/13.4.30/14.3.2. It has been classified as critical. This vulnerability affects unknown code of the component Active File Handler. This manipulation causes missing authorization.
This vulnerability appears as CVE-2026-47343. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
GHSA
TYPO3 CMS: Destructive Actions on File Mount Folders
ghsa·2026-06-12
CVE-2026-47343 [HIGH] CWE-862 TYPO3 CMS: Destructive Actions on File Mount Folders
TYPO3 CMS: Destructive Actions on File Mount Folders
### Problem
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions.
### Solution
Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described.
### Credits
TYPO3 CMS thanks Arne Uplegger for reporting this issue, and TYPO3 security team member Elias Häußler for fixing it.
### Resources
* [TYPO3-CORE-SA-2026-007](https://typo3.org/security/advisory/typo3-core-sa-2026-007)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-09
Published