Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
Loading...
Loading...
This medium-severity CVE scores 5.3 under the CNA's CVSS (NVD's own analysis pending). EPSS exploit probability: 0.4%, top 67% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
June 9, 2026
June 9, 2026
Fix landed in TYPO3/typo3 commit 195356996a60 — awaiting tagged release
https://github.com/TYPO3/typo3/commit/195356996a60e40aeb2cd3e45a5f5c8940d5e116Fix landed in TYPO3/typo3 commit c9898d2e6760 — awaiting tagged release
https://github.com/TYPO3/typo3/commit/c9898d2e67608eda78f8bd1f06ee9cf05a872a56These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Explore the affected products and dependency analysis for CVE-2026-47350
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
CWE-862