CNNVD-202601-2303 Information
CNNVD ID
CNNVD-202601-2303
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
TYPO3 CMS是TYPO3开源的一个内容管理系统。 TYPO3 CMS存在安全漏洞,该漏洞源于具有重定向模块访问权限的后端用户可不受限制地读取、创建和修改任何重定向记录,可能导致插入或更改指向任意URL的重定向。以下版本受到影响:10.0.0版本至10.4.54版本、11.0.0版本至11.5.48版本、12.0.0版本至12.4.40版本、13.0.0版本至13.4.22版本和14.0.0版本至14.0.1版本。
Description (English)
TYPO3 CMS is a TYPO3 open source content management system. There is a security loophole in TYPO3 CMS, which stems from the unrestricted access to, and creation and modification of, any re-direction records by back-end users with re-direction module access, which may lead to the insertion or modification of re-direction to any URL. The following versions are affected: 10.0.0 to 10.4.54, 11.0.0 to 11.5.48, 12.0.0 to 12.4.40, 13.0.0 to 13.4.2 and 14.0.0 to 14.0.1.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
TYPO3
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/TYPO3/typo3/commit/8a46abd8993e3a5a31a834dcd6c8f91adef57ce4 https://github.com/TYPO3/typo3/commit/bac370df5c1c3fcf5ebc1c030fbd2bec86d6a686 https://github.com/TYPO3/typo3/commit/fbbae3b9a40d0420207ef7af990cdf1ac0612c0b https://typo3.org/security/advisory/typo3-core-sa-2026-002
Patch
https://typo3.org/security/advisory/typo3-core-sa-2026-002
Share on: