HIGH · CVE-2026-47343 · CNA: TYPO3

CVE-2026-47343: TYPO3 CMS - Destructive Actions on File Mount Folders

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Metrics

CVSS v4.0: 7.2
Severity: HIGH
Fixed in: 10.4.57
Affected Products: 1


HarborGuard Analysis

Synopsis

An authorization bypass in TYPO3 CMS allows non-privileged backend users with file mount access to perform destructive write operations, including moving, deleting, and renaming folders that serve as the root of an active file mount. The vulnerability is reachable over the network and requires only a low-privilege backend account with no additional interaction from other users. Successful exploitation lets an attacker tamper with or destroy file mount structures, disrupting access to files across the application. Patched-image rebuilds at versions 10.4.57, 11.5.51, 12.4.46, 13.4.31, and 14.3.3 are available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection capability for CVE-2026-47343 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of publication. This matching covers custom-built images that bundle TYPO3 CMS, not only upstream base images.

Triage: Available

HarborGuard is capable of scoring this CVE at its published CVSS v4.0 severity of 7.2 (HIGH) and weighting that score against each environment's compliance policy configuration. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership and severity thresholds.

Patch: Available

A patched-image rebuild targeting the applicable fix versions (10.4.57, 11.5.51, 12.4.46, 13.4.31, or 14.3.3, depending on the installed branch) is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against the affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network, so an attacker must be able to reach the TYPO3 backend via HTTP/HTTPS.

  • Authentication: Required

    A valid TYPO3 backend account with file mount access is needed; any low-privilege account with that access is sufficient.

  • Victim interaction: Not required

    The attacker can perform the destructive file mount operations entirely on their own, with no action required from another user.

  • Attack complexity: Low (AC:L)

    Exploitation is reliable and condition-free; no race conditions, specific memory layout, or unusual environmental factors are required.

Blast Radius

  • An attacker can delete the root folder of any file mount they have access to, permanently destroying stored files and making the mount unavailable to all users.
  • An attacker can rename or move file mount root folders, breaking application references to those paths and disrupting content delivery or backend workflows that depend on them.
  • Integrity of the file system structure within affected mounts is compromised, which may cause cascading errors in TYPO3 pages or extensions that rely on those file resources.
  • Availability of file-dependent content is degraded for the duration that the mount root remains missing or mislocated.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-47343 activates automatically against any customer image containing an affected TYPO3 CMS version, covering all active branches from 10.x through 14.x. Where compliance policy permits, HarborGuard can rebuild the image at the appropriate patched version (10.4.57, 11.5.51, 12.4.46, 13.4.31, or 14.3.3), run a regression test pass, and open a pull request against affected workloads. For environments with auto-remediation enabled, the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes. For environments where auto-remediation is not enabled, the finding appears in the HarborGuard dashboard with CVSS scoring and policy-weighted priority so the owning team can act manually. Until a patched image is deployed, network-policy controls that restrict which backend user roles can reach file management endpoints provide a meaningful compensating control.


Fix available: 10.4.57, 11.5.51, 12.4.46, 13.4.31, 14.3.3
Affected packages
  • TYPO3 / TYPO3 CMS
    < 10.4.57 (from 0) · < 11.5.51 (from 11.0.0) · < 12.4.46 (from 12.0.0) · < 13.4.31 (from 13.0.0) · < 14.3.3 (from 14.0.0)
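To turn the published ranges above into a repeatable triage check, here is an added example (not HarborGuard's or TYPO3's code) that maps an installed TYPO3 CMS version to the fix version it should be rebuilt at; the function names and the sample image inventory are assumptions, while the ranges themselves are copied from this record.

```python
"""Triage helper for CVE-2026-47343 (TYPO3 CMS file mount root write ops).

Constructed example: the affected ranges are copied from the advisory;
the function names and the sample inventory below are assumptions.
"""
import re
from typing import NamedTuple


class Branch(NamedTuple):
    introduced: tuple  # first affected version (inclusive)
    fixed: tuple       # first fixed version (exclusive upper bound)


# Affected ranges as published: "< fixed (from introduced)" per branch.
AFFECTED_RANGES = [
    Branch((0,), (10, 4, 57)),
    Branch((11, 0, 0), (11, 5, 51)),
    Branch((12, 0, 0), (12, 4, 46)),
    Branch((13, 0, 0), (13, 4, 31)),
    Branch((14, 0, 0), (14, 3, 3)),
]


def parse_version(text: str) -> tuple:
    """Turn '12.4.45', 'v12.4.45' or '12.4.45-dev' into a comparable tuple."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def fix_version_for(version: str):
    """Return the fix version string if `version` is affected, else None.

    Tuple comparison keeps a version that sits between branches
    (e.g. 10.4.58, which is above 10.4.57 but below 11.0.0) unaffected.
    """
    v = parse_version(version)
    for introduced, fixed in AFFECTED_RANGES:
        if introduced <= v < fixed:
            return ".".join(map(str, fixed))
    return None


def triage(inventory: dict) -> dict:
    """Map image name -> required fix version for every affected image."""
    return {name: fix for name, ver in inventory.items()
            if (fix := fix_version_for(ver)) is not None}


# Constructed sample inventory (image name -> bundled TYPO3 CMS version).
SAMPLE_INVENTORY = {"web-frontend": "12.4.45", "intranet": "13.4.31",
                    "legacy-portal": "10.4.58", "newsroom": "v14.3.2-dev"}

if __name__ == "__main__":
    for image, fix in triage(SAMPLE_INVENTORY).items():
        print(f"{image}: affected, rebuild at TYPO3 {fix}")
```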
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N