TYPO3 CMS – Broken Access Control in Clipboard_CVE-2026-47351

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.

Basic Information

ID CVE-2026-47351

Source TYPO3

Published Jun 9, 2026 at 10:52

Affected Product

Vendor TYPO3

Product TYPO3 CMS

Version 10.4.0

Affected Versions TYPO3 TYPO3 CMS 10.4.0
TYPO3 TYPO3 CMS 14.0.0

CWE Classification

CWE-862 CWE-200

References

{
    "lastseen": "",
    "description": "Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.",
    "published": "2026-06-09T10:52:38.150Z",
    "modified": "2026-06-09T10:52:38.150Z",
    "type": "cve",
    "title": "TYPO3 CMS - Broken Access Control in Clipboard",
    "source": "TYPO3",
    "references": "https://typo3.org/security/advisory/typo3-core-sa-2026-014\nhttps://github.com/TYPO3/typo3/commit/932fbb9fcea25094e8bcc0f0ec5aab56b1d92451\nhttps://github.com/TYPO3/typo3/commit/2740707563343d78184c0b7c6303a7484553d7f3",
    "id": "CVE-2026-47351",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "TYPO3 TYPO3 CMS 10.4.0\nTYPO3 TYPO3 CMS 14.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TYPO3 CMS",
    "version": "10.4.0",
    "vendor": "TYPO3",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}