typo3/cms-backend Security Advisories for v12.4.40 (3)
-
[MEDIUM] TYPO3 CMS has Broken Access Control in Backend API
PKSA-gksc-phy8-f181 CVE-2026-47352 GHSA-2j54-93q2-3hjq
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS: Broken Access Control in Media Module
PKSA-4mhm-w6hx-yhcy CVE-2026-47351 GHSA-q93m-25xv-94hh
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS Allows Broken Access Control in Edit Document Controller
PKSA-54yn-xn5g-k3j9 CVE-2025-59020 GHSA-5j7q-wmh7-cqhg
Affected version: >=10.0.0,<=10.4.54|>=11.0.0,<=11.5.48|>=12.0.0,<=12.4.40|>=13.0.0,<=13.4.22|>=14.0.0,<=14.0.1
Reported by:
GitHub