CVE-2026-47352EPSS p32.9%

CVE-2026-47352CVE-2026-47352

Description

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3.

Scoring

EPSS0.41% probability of exploitation · percentile 32.9% · 2026-06-19T12:03:05Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-47343
CVE
CVE-2026-47351
CVE
CVE-2026-49742
CVE
CVE-2026-47349
CVE
CVE-2026-49738
CVE
CVE-2025-59017
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.