CVE-2026-49738EPSS p40.1%

CVE-2026-49738CVE-2026-49738

Description

The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator users with access to the File Abstraction Layer were able to create new file storage definitions pointing to directories outside the project root, bypassing this path check. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3.

Scoring

EPSS0.52% probability of exploitation · percentile 40.1% · 2026-06-18T12:00:27Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-47343
CVE
CVE-2026-49742
CVE
CVE-2026-47352
CVE
CVE-2026-47346
CVE
CVE-2026-49740
CVE
CVE-2026-47351
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.