TYPO3 CMS <10.4.57/11-11.5.50/12-12.4.45/13-13.4.30/14-14.3.2: File Mount Auth Bypass
CVE-2026-47343 Published on June 9, 2026
TYPO3 CMS - Destructive Actions on File Mount Folders
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-47343 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-47343
Want to know whenever a new CVE is published for TYPO3? stack.watch will email you.
Affected Versions
TYPO3 CMS:- Before 10.4.57 is affected.
- Version 11.0.0 and below 11.5.51 is affected.
- Version 12.0.0 and below 12.4.46 is affected.
- Version 13.0.0 and below 13.4.31 is affected.
- Version 14.0.0 and below 14.3.3 is affected.