Typo3 Security Vulnerabilities (CVEs)
Track 23 security vulnerabilities affecting Typo3 products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes an authorization bypass vulnerability in TYPO3 CMS where backend users with redirect module access and write permissions could mani...
Jan 13, 2026
This vulnerability allows backend users with access to the recycler module to delete arbitrary data from any database table defined in TYPO3's TCA, re...
Jan 13, 2026
This CVE describes a deserialization vulnerability in TYPO3 CMS mail file spool functionality. Local users with write access to the spool directory ca...
Jan 13, 2026
This vulnerability allows authenticated TYPO3 backend users with write permissions to bypass field-level access controls during record creation. By ex...
Jan 13, 2026
This vulnerability allows authenticated backend users in TYPO3 CMS to download CSV files containing data from database tables they shouldn't have acce...
Sep 9, 2025
This vulnerability in TYPO3 CMS's password generation component uses a predictable three-character prefix, reducing randomness and making brute-force ...
Sep 9, 2025
This vulnerability allows authenticated backend users in TYPO3 CMS to obtain sensitive file path information through error messages when file operatio...
Sep 9, 2025
This vulnerability allows authenticated backend users in TYPO3 CMS to bypass authorization checks and directly access AJAX backend routes they shouldn...
Sep 9, 2025
An open-redirect vulnerability in TYPO3 CMS's GeneralUtility::sanitizeLocalUrl function allows attackers to redirect users to malicious external websi...
Sep 9, 2025
The femanager extension for TYPO3 contains an Insecure Direct Object Reference vulnerability that allows attackers to modify user data without proper ...
Jul 22, 2025
This vulnerability in TYPO3's file management module allows backend users to upload potentially harmful files like executables or files with mismatche...
May 20, 2025
This vulnerability allows TYPO3 administrator-level backend users without system maintainer privileges to escalate their privileges and gain system ma...
May 20, 2025
This CSRF vulnerability in TYPO3's backend allows attackers to manipulate or delete form definitions when authenticated backend users interact with ma...
Jan 14, 2025
This CSRF vulnerability in TYPO3's backend allows attackers to trick authenticated backend users into executing unauthorized actions via malicious lin...
Jan 14, 2025
This CSRF vulnerability in TYPO3's backend user interface allows attackers to trick authenticated backend users into performing unauthorized state-cha...
Jan 14, 2025
This CSRF vulnerability in TYPO3's backend user interface allows attackers to perform unauthorized password resets or session terminations for other b...
Jan 14, 2025
This CSRF vulnerability in TYPO3's backend allows attackers to trick authenticated backend users into performing unauthorized actions via malicious li...
Jan 14, 2025
This vulnerability in TYPO3's URI parsing component allows attackers to bypass host validation checks when processing externally provided URLs. This c...
Jan 14, 2025
This vulnerability in TYPO3's ShowImageController allows attackers to trigger unlimited thumbnail generation by manipulating the 'frame' parameter wit...
May 14, 2024
This CVE describes a cross-site scripting (XSS) vulnerability in TYPO3's form manager backend module. It allows authenticated backend users with form ...
May 14, 2024
This CVE describes a command injection vulnerability in TYPO3's Install Tool that allows authenticated admin users with system maintainer privileges t...
Mar 5, 2024
This vulnerability in TYPO3 allows authenticated backend users to access files in the fallback storage via the File Abstraction Layer, potentially exp...
Feb 13, 2024
This vulnerability allows unauthenticated attackers to upload arbitrary files with any extension to TYPO3 CMS servers. It affects TYPO3 installations ...
Mar 23, 2021
Why Monitor Typo3 Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 23+ known vulnerabilities affecting Typo3 products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Typo3 packages in under 60 seconds. No agents required - completely agentless scanning that works across Typo3 deployments.
Free vulnerability database: Access detailed information about every Typo3 CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account and add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Typo3 CVEs affect your systems
- Access a dashboard with severity breakdown and fix instructions