typo3/cms-backend Security Advisories for v14.2.0 (3)
-
[MEDIUM] TYPO3 CMS has Broken Access Control in Backend API
PKSA-gksc-phy8-f181 CVE-2026-47352 GHSA-2j54-93q2-3hjq
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS: Broken Access Control in Media Module
PKSA-4mhm-w6hx-yhcy CVE-2026-47351 GHSA-q93m-25xv-94hh
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[HIGH] TYPO3 CMS Stores Cleartext Password in User Settings Module
PKSA-j4dd-3nrn-j8w4 CVE-2026-6553 GHSA-xvv6-p4wf-mvx7
Affected version: =14.2.0
Reported by:
GitHub