CVE-2026-1323
Status: Received - Intake
Deserialization Vulnerability in TYPO3 Mail Extension Enables Code Execution

Publication date: 2026-03-17

Last updated on: 2026-04-25

Assigner: TYPO3

Description
The extension does not restrict the set of allowed classes when deserializing transport failure metadata, i.e. the serialized data is handed to PHP's unserialize() without a restrictive allowed_classes option. An attacker who can place a crafted serialized file in the spool directory can therefore have arbitrary autoloadable classes instantiated (PHP object injection) and, given a suitable gadget chain in the installation, execute code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].
Meta Information
Published: 2026-03-17
Last Modified: 2026-04-25
Generated: 2026-05-07
AI Q&A: 2026-03-17
EPSS Evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products
Vendor   Product    Version / Range
cps-it   mailqueue  < 0.4.5
cps-it   mailqueue  >= 0.5.0, < 0.5.2
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Powered Q&A
Can you explain this vulnerability to me?

The TYPO3 extension "Mailqueue" (cpsit/typo3-mailqueue) is vulnerable to insecure deserialization (CWE-502). It does not restrict which classes may be instantiated when it deserializes transport failure metadata, so whatever is in the serialized data is trusted as-is. An attacker who can write into the spool directory configured as $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'] can drop a crafted serialized file there; when the extension reads it back, attacker-chosen classes are instantiated and their magic methods (for example __wakeup() or __destruct()) run, which with a suitable gadget chain in the installation leads to code execution. [1]
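The pattern described in the Description and in the answer above, shown as an added example in PHP. This is not code from the cpsit/typo3-mailqueue extension or from TYPO3: the DemoGadget and TransportFailure classes, the readFailureUnsafe()/readFailureSafe() functions, the shape of the metadata and the payload are all assumptions made for illustration. The vulnerable reader calls unserialize() with no class restriction; the hardened reader passes an allowed_classes list, so a foreign class in the payload becomes __PHP_Incomplete_Class and its magic methods never run.

```php
<?php
// Added example, not code from the cpsit/typo3-mailqueue extension or from
// TYPO3. It reproduces the CWE-502 pattern the advisory describes in generic
// form: failure metadata read back from a spool file with unserialize(),
// first without and then with a restrictive allowed_classes list. The class
// names, the metadata shape and the payload are assumptions for illustration.
declare(strict_types=1);

// Stand-in for a gadget class that the application's autoloader can find.
// Real gadget chains live in third-party libraries; this one only records
// that its __wakeup() ran, so the effect of deserialization is observable.
final class DemoGadget
{
    public string $command = '';
    /** @var list<string> */
    public static array $log = [];

    public function __wakeup(): void
    {
        // A real gadget would act on $this->command here (run it, write a file, ...).
        self::$log[] = 'wakeup: ' . $this->command;
    }
}

// The shape a legitimate spool entry is expected to have.
final class TransportFailure
{
    public function __construct(
        public string $message = '',
        public int $attempts = 0,
    ) {
    }
}

/** Vulnerable pattern: every autoloadable class may be instantiated. */
function readFailureUnsafe(string $serialized): mixed
{
    return unserialize($serialized);
}

/**
 * Hardened pattern: only TransportFailure may be instantiated. Any other
 * class in the payload becomes __PHP_Incomplete_Class, whose magic methods
 * never run, and the caller gets null instead of a foreign object.
 * max_depth additionally bounds nesting against resource-exhaustion payloads;
 * the @ silences the notice unserialize() emits on malformed input.
 */
function readFailureSafe(string $serialized): ?TransportFailure
{
    $value = @unserialize($serialized, [
        'allowed_classes' => [TransportFailure::class],
        'max_depth' => 8,
    ]);
    return $value instanceof TransportFailure ? $value : null;
}

// Constructed payload: what an attacker with write access to
// transport_spool_filepath could drop into the spool directory.
$gadget = new DemoGadget();
$gadget->command = 'id';
$malicious = serialize($gadget);

// A legitimate entry, as the extension itself would write it (assumed shape).
$legit = serialize(new TransportFailure('connection refused', 3));

$result = readFailureUnsafe($malicious);
printf("unsafe: got %s, gadget log = %s\n", get_class($result), json_encode(DemoGadget::$log));

DemoGadget::$log = [];
$result = readFailureSafe($malicious);
printf("safe:   malicious payload -> %s, gadget log = %s\n",
    $result === null ? 'rejected' : 'accepted', json_encode(DemoGadget::$log));

$result = readFailureSafe($legit);
printf("safe:   legitimate entry -> %s\n",
    $result === null ? 'rejected' : sprintf('%s after %d attempts', $result->message, $result->attempts));
```

The important detail is that the gadget's __wakeup() runs inside unserialize() itself, before the caller ever gets to inspect the returned value, so a type check after the fact is no defence; the restriction has to be passed into unserialize(). If the metadata never needs to be an object at all, 'allowed_classes' => false (or a JSON encoding) is the stricter choice.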


How can this vulnerability impact me?

If exploited, this vulnerability allows an attacker to execute arbitrary code in the context of the PHP process running TYPO3 on the system where the Mailqueue extension is installed. This can lead to unauthorized actions, full system compromise, and data breaches. However, exploitation requires the attacker to already have write access to the spool directory configured in the TYPO3 system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects specific versions of the TYPO3 extension "Mailqueue" (cpsit/typo3-mailqueue): 0.5.0 and 0.5.1, and 0.4.4 and earlier. Detection means establishing whether one of these versions is installed.

You can check the installed version of the mailqueue extension in TYPO3's extension manager or by inspecting the Composer package version. For a Composer-based installation, run the following in the TYPO3 project directory:

    composer show cpsit/typo3-mailqueue

Additionally, look up $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'] (config/system/settings.php on current TYPO3 versions, typo3conf/LocalConfiguration.php on older ones) to identify the directory where serialized transport failure metadata is stored, and check whether that directory is writable by anyone other than the user the PHP process runs as, since such write access is the prerequisite for exploitation. On a Unix-like system:

    ls -ld /path/to/transport_spool_filepath

Replace /path/to/transport_spool_filepath with the actual path from your TYPO3 configuration. [1]
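The two checks above, encoded as an added PHP script rather than commands typed by hand. This is not part of the page or of the mailqueue extension: the isAffectedVersion(), installedVersion() and spoolDirFindings() functions are assumptions, the composer.lock content is constructed inline, and the spool directory is a throwaway temporary directory made world-writable so that the finding is visible. A real run would read the project's composer.lock and the configured transport_spool_filepath instead.

```php
<?php
// Added example, not part of this page or of the mailqueue extension.
// Encodes the two preconditions the advisory names so they can be checked
// mechanically: an affected cpsit/typo3-mailqueue version, and a spool
// directory writable by users other than the PHP process owner.
// The composer.lock content below is constructed; real runs would read the
// project's own lock file and the configured spool path.
declare(strict_types=1);

const PACKAGE = 'cpsit/typo3-mailqueue';

/** Affected ranges from the advisory: < 0.4.5, and >= 0.5.0 but < 0.5.2. */
function isAffectedVersion(string $version): bool
{
    // composer.lock may carry a leading "v"; version_compare() would
    // misorder it, so strip it first. Branch aliases such as dev-main
    // compare below every number and are reported as affected; review
    // those by hand.
    $v = ltrim($version, 'v');
    if (version_compare($v, '0.4.5', '<')) {
        return true;
    }
    return version_compare($v, '0.5.0', '>=') && version_compare($v, '0.5.2', '<');
}

/** Installed version of $package according to composer.lock, or null if absent. */
function installedVersion(string $lockJson, string $package): ?string
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $all = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($all as $entry) {
        if (($entry['name'] ?? null) === $package) {
            return $entry['version'] ?? null;
        }
    }
    return null;
}

/**
 * Findings about a spool directory: missing, world-writable, group-writable,
 * or owned by a user other than the one running PHP. Group-writability is
 * reported for review because it widens who can drop a serialized file there.
 */
function spoolDirFindings(string $dir): array
{
    if (!is_dir($dir)) {
        return ['spool directory does not exist: ' . $dir];
    }
    $findings = [];
    $mode = fileperms($dir) & 0777;
    if ($mode & 0002) {
        $findings[] = sprintf('world-writable (%04o)', $mode);
    }
    if ($mode & 0020) {
        $findings[] = sprintf('group-writable (%04o)', $mode);
    }
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        $findings[] = sprintf('owned by uid %d, PHP runs as uid %d', fileowner($dir), posix_geteuid());
    }
    return $findings;
}

// --- constructed inputs ---------------------------------------------------
$lockJson = json_encode([
    'packages' => [
        ['name' => 'typo3/cms-core', 'version' => 'v13.4.0'],
        ['name' => PACKAGE, 'version' => '0.5.1'],
    ],
    'packages-dev' => [],
]);

$version = installedVersion($lockJson, PACKAGE);
printf("%s %s: %s\n", PACKAGE, $version ?? '(not installed)',
    $version !== null && isAffectedVersion($version) ? 'AFFECTED' : 'not affected');

// Throwaway directory standing in for transport_spool_filepath, deliberately
// made world-writable so the permission finding shows up.
$spool = sys_get_temp_dir() . '/mailqueue-spool-' . bin2hex(random_bytes(4));
mkdir($spool, 0777);
chmod($spool, 0777); // mkdir() honours umask; force the mode for the demo
foreach (spoolDirFindings($spool) as $finding) {
    echo "spool: $finding\n";
}
rmdir($spool);
```

Point installedVersion() at file_get_contents('composer.lock') and spoolDirFindings() at the configured path to run it against a real installation; a non-empty findings list together with an affected version is the condition the advisory describes.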


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to update the TYPO3 mailqueue extension to a fixed version: 0.5.2 or later, or 0.4.5 or later on the 0.4 branch, as these releases contain the fix for this vulnerability. You can update the extension via Composer (Packagist), the TYPO3 extension manager, or the TYPO3 Extension Repository.

Additionally, ensure that the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'] is writable only by the user the PHP process runs as, since write access to it is required for exploitation; any existing spool files written by an untrusted party should be treated as suspect and removed.

Follow general TYPO3 security best practices, including subscribing to the typo3-announce mailing list and consulting the TYPO3 Security Guide. [1]

