TYPO3 CMS <=14.3.3 Auth Bypass: Move records w/o edit perms.
CVE-2026-47350 Published on June 9, 2026

TYPO3 CMS - Broken Access Control in DataHandler
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.

Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-47350 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2026-47350

Want to know whenever a new CVE is published for TYPO3? stack.watch will email you.

TYPO3

Affected Versions

TYPO3 CMS:

Version 13.0.0 and below 13.4.31 is affected.
Version 14.0.0 and below 14.3.3 is affected.

TYPO3 CMS <=14.3.3 Auth Bypass: Move records w/o edit perms.CVE-2026-47350 Published on June 9, 2026

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2026-47350

Affected Versions

TYPO3 CMS <=14.3.3 Auth Bypass: Move records w/o edit perms.
CVE-2026-47350 Published on June 9, 2026