CVE-2026-47350 - Vulnerability Details - OpenCVE

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Typo3	Typo3

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://github.com/TYPO3/typo3/commit/195356996a60e40aeb2cd3e45a5f5c8940d5e116
https://github.com/TYPO3/typo3/commit/c9898d2e67608eda78f8bd1f06ee9cf05a872a56
https://typo3.org/security/advisory/typo3-core-sa-2026-012

History

Tue, 09 Jun 2026 11:15:00 +0000

Type	Values Removed	Values Added
Description		Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
Title		TYPO3 CMS - Broken Access Control in DataHandler
First Time appeared		Typo3 Typo3 typo3
Weaknesses		CWE-862
CPEs		cpe:2.3:a:typo3:typo3::::::::
Vendors & Products		Typo3 Typo3 typo3
References		https://github.com/TYPO3/typo3/commit/195356996a60e40aeb2cd3e45a5f5c8940d5e116 https://github.com/TYPO3/typo3/commit/c9898d2e67608eda78f8bd1f06ee9cf05a872a56 https://typo3.org/security/advisory/typo3-core-sa-2026-012
Metrics		cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: TYPO3

Published: 2026-06-09T10:52:24.210Z

Updated: 2026-06-09T10:52:24.210Z

Reserved: 2026-05-19T12:49:25.966Z

Link: CVE-2026-47350

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-09T11:16:52.860

Modified: 2026-06-09T11:16:52.860

Link: CVE-2026-47350

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T12:30:04Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-47350", "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "state": "PUBLISHED", "assignerShortName": "TYPO3", "dateReserved": "2026-05-19T12:49:25.966Z", "datePublished": "2026-06-09T10:52:24.210Z", "dateUpdated": "2026-06-09T10:52:24.210Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "shortName": "TYPO3", "dateUpdated": "2026-06-09T10:52:24.210Z"}, "title": "TYPO3 CMS - Broken Access Control in DataHandler", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "type": "CWE"}]}], "affected": [{"vendor": "TYPO3", "product": "TYPO3 CMS", "collectionURL": "https://packagist.org", "packageName": "typo3/cms-core", "repo": "https://github.com/TYPO3/typo3", "modules": ["Core"], "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.4.31", "versionType": "semver"}, {"status": "affected", "version": "14.0.0", "lessThan": "14.3.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.4.31", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.3.3", "versionStartIncluding": "14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "value": "Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3."}]}], "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-012", "tags": ["vendor-advisory"]}, {"url": "https://github.com/TYPO3/typo3/commit/c9898d2e67608eda78f8bd1f06ee9cf05a872a56", "name": "Git commit of main branch", "tags": ["patch"]}, {"url": "https://github.com/TYPO3/typo3/commit/195356996a60e40aeb2cd3e45a5f5c8940d5e116", "name": "Git commit of 13.4 branch", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Hyunseo Shin", "type": "reporter"}, {"lang": "en", "value": "Torben Hansen", "type": "remediation developer"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3."}], "id": "CVE-2026-47350", "lastModified": "2026-06-09T11:16:52.860", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "type": "Secondary"}]}, "published": "2026-06-09T11:16:52.860", "references": [{"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "url": "https://github.com/TYPO3/typo3/commit/195356996a60e40aeb2cd3e45a5f5c8940d5e116"}, {"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "url": "https://github.com/TYPO3/typo3/commit/c9898d2e67608eda78f8bd1f06ee9cf05a872a56"}, {"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-012"}], "sourceIdentifier": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "type": "Secondary"}]}