# CVE-2026-6553

Published 2026-04-21

Priority: P3 | 43 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.17% (6.3rd percentile)
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms-backend | >= 14.2.0 < 14.3.0 | 14.3.0 |
| typo3 | typo3 | — | — |
| typo3 | typo3_cms | >= 14.2.0 < 14.3.0 | 14.3.0 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 7.3 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
## GHSA (2026-06-04): CVE-2026-45056 [MEDIUM] CWE-290

Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution
### Impact
The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the `sender_device_keys` property.
This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with (or is) the homeserver operator.
### Patches
This issue is fixed in `matrix-sdk-crypto` 0.16.1.
### Workarounds
There are no known workarounds for the issue.
### References
This issue was fixed in https://github.com/matrix-org/matrix-rust-sdk/pull/6553.
### For more information
If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@ma
## GHSA (2026-04-24): CVE-2026-6553 [HIGH] CWE-312

TYPO3 CMS Stores Cleartext Password in User Settings Module
### Problem
The backend user settings module (`SetupModuleController`) incorrectly conflates entity data (such as passwords or email addresses) with user-interface settings (such as theme or display options) when persisting changes. As a result, passwords were stored in cleartext in the `uc` and `user_settings` fields of the `be_users` database table.
The cleartext data was only persisted if users changed their credentials in the backend user settings module while the TYPO3 14.2.0 release was in use (not in any other version).
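The following PHP snippet is an added illustration, not TYPO3's own code, of the pattern the advisory describes: a settings controller that serializes the whole submitted form into a preference column leaks the password, whereas splitting entity fields from UI settings keeps it out. The field names (`password`, `email`, `lang`, `theme`), the `ENTITY_FIELDS` list and the credential-key heuristic in `findLeakedCredentialRows` are assumptions for this example; only the column names `uc`, `user_settings` and the table `be_users` come from the advisory.

```php
<?php
declare(strict_types=1);

// Assumed list of entity fields that must never be written as preferences.
const ENTITY_FIELDS = ['password', 'password2', 'email', 'realName'];

/**
 * Vulnerable pattern (illustrative): the entire form array, password included,
 * is serialized into the preference columns.
 */
function persistConflated(array $form): array
{
    return [
        'uc'            => serialize($form),
        'user_settings' => json_encode($form),
    ];
}

/**
 * Separated pattern: entity data is split off, the password is hashed with
 * password_hash(), and only UI settings reach uc / user_settings.
 */
function persistSeparated(array $form): array
{
    $entity   = array_intersect_key($form, array_flip(ENTITY_FIELDS));
    $settings = array_diff_key($form, array_flip(ENTITY_FIELDS));

    $row = [
        'uc'            => serialize($settings),
        'user_settings' => json_encode($settings),
    ];
    if (isset($entity['password']) && $entity['password'] !== '') {
        $row['password'] = password_hash($entity['password'], PASSWORD_DEFAULT);
    }
    if (isset($entity['email'])) {
        $row['email'] = $entity['email'];
    }
    return $row;
}

/**
 * Audit helper for operators: flag be_users rows whose serialized uc or
 * user_settings data contains a key that looks like a credential.
 * The /passw/i key match is a heuristic (assumption); verify hits manually.
 */
function findLeakedCredentialRows(array $rows): array
{
    $hits = [];
    foreach ($rows as $row) {
        foreach (['uc', 'user_settings'] as $column) {
            $raw  = (string)($row[$column] ?? '');
            $data = $column === 'uc'
                ? @unserialize($raw, ['allowed_classes' => false])  // uc is a PHP-serialized array
                : json_decode($raw, true);
            if (!is_array($data)) {
                continue;
            }
            foreach (array_keys($data) as $key) {
                if (preg_match('/passw/i', (string)$key)) {
                    $hits[] = ['uid' => $row['uid'], 'column' => $column, 'key' => $key];
                }
            }
        }
    }
    return $hits;
}

// Constructed sample submission: a password change mixed with UI settings.
$form = [
    'lang'     => 'en',
    'theme'    => 'dark',
    'password' => 'example-secret-value',   // constructed, not a real credential
    'email'    => 'editor@example.invalid',
];

$bad  = persistConflated($form);
$good = persistSeparated($form);

// The conflated row carries the cleartext value; the separated one does not.
assert(str_contains($bad['uc'], 'example-secret-value'));
assert(!str_contains($good['uc'], 'example-secret-value'));
assert(password_verify('example-secret-value', $good['password']));

// Run the audit over two constructed be_users rows: uid 1 is flagged, uid 2 is clean.
foreach (findLeakedCredentialRows([['uid' => 1] + $bad, ['uid' => 2] + $good]) as $hit) {
    printf("be_users uid %d: credential-like key '%s' in column %s\n",
        $hit['uid'], $hit['key'], $hit['column']);
}
```

The audit helper is the part a defender can adapt directly: read `uid`, `uc` and `user_settings` from `be_users` and run them through `findLeakedCredentialRows`; because the patched release does not clean existing rows, any hit is a row that still needs manual remediation and a password rotation.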
### Solution
Update to TYPO3 version 14.3.0 LTS, which fixes the problem described.
> [!IMPORTANT]
> **Manual actions required**
>
> Updating to the patched release does not retroactively clean existing data. It is re
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.