Technologyglobal✓ verified · 90%

TYPO3 CMS: Broken Access Control in Media Module

Name: TYPO3 CMS: Broken Access Control in Media Module
Start: 2026-06-12T19:06:59Z
Location: Global (internet)

When: 2026-06-12 19:06 UTC
Where: Global (internet)
Category: cyber_advisory · composer

### Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. ### Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. ### Credits TYPO3 CMS thanks Vincent Yang for reporting this issue, and to TYPO3 security team member Elias Häußler for fixing it. ### Resources * [TYPO3-CORE-SA-2026-014](https://typo3.org/security/advisory/typo3-core-sa-2026-014)

Sources

GitHub Advisory Database ↗ · first seen 2026-06-12 19:06 UTC

Defaxon links out to the original reporting and never republishes article text.

Correlated events

Computed by the Defaxon correlation engine — linked by shared actors, co-location, and temporal proximity. Scored hypotheses, never causal claims.

No correlated events found in the current window. As more events arrive, connections form automatically.

← Back to the live map