ByteOS Network

NVD Vulnerability Details :

CVE-2026-47343

Received

Source-f4fb688c-4412-4426-b4b8-421ecf27b14a

Published At-09 Jun, 2026 | 11:16

Updated At-09 Jun, 2026 | 11:16

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.2	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-862	Secondary	f4fb688c-4412-4426-b4b8-421ecf27b14a

CWE ID: CWE-862

Type: Secondary

Source: f4fb688c-4412-4426-b4b8-421ecf27b14a

References

Hyperlink	Source	Resource
https://github.com/TYPO3/typo3/commit/504e72470ff72aaf5d2256878bf473747f389798	f4fb688c-4412-4426-b4b8-421ecf27b14a	N/A
https://github.com/TYPO3/typo3/commit/ac4125aef8b9b94528a7f74db2444db57b05a87b	f4fb688c-4412-4426-b4b8-421ecf27b14a	N/A
https://typo3.org/security/advisory/typo3-core-sa-2026-007	f4fb688c-4412-4426-b4b8-421ecf27b14a	N/A