CVE-2026-4202
Authorization Bypass in Extension Exposes Redirect Records
Publication date: 2026-03-17
Last updated on: 2026-04-25
Assigner: TYPO3
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ayacoo | redirect_tab | Up to 2.1.2 (exc) |
| ayacoo | redirect_tab | From 3.0.0 (inc) to 3.1.7 (exc) |
| ayacoo | redirect_tab | From 4.0.0 (inc) to 4.0.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the TYPO3 extension "Redirect Tab" (redirect_tab), where the extension fails to verify whether an authenticated user has the necessary permissions to access redirect records when editing a page.

This means that users who are logged in but should not have access to certain redirect records can still view them, leading to unauthorized exposure of sensitive redirect information.

The issue is classified as a Broken Access Control vulnerability, linked to missing authorization (CWE-862) and information exposure (CWE-200). [1]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized users viewing redirect records that they should not have access to.
While the severity is considered low, the exposure of redirect records could potentially reveal sensitive information about website structure or user navigation paths.
This could be exploited by attackers or unauthorized users to gather information that might assist in further attacks or reconnaissance.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to redirect records in the TYPO3 extension "Redirect Tab" due to missing permission checks. Detection would involve verifying whether users without proper permissions can access or edit redirect records.

Since the issue is specific to the TYPO3 extension and its permission handling, detection on the system would require checking the version of the redirect_tab extension installed and testing access controls within the TYPO3 backend.

No specific network or system commands are provided in the available resources to detect this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the TYPO3 extension "Redirect Tab" to a fixed version.

- Upgrade to version 4.0.5 or later if using the 4.x series.
- Upgrade to version 3.1.7 or later if using the 3.x series.
- Upgrade to version 2.1.2 or later if using the 2.x series.

These updates are available via the TYPO3 extension manager, Packagist, and the TYPO3 extensions repository.

Additionally, users are recommended to follow the TYPO3 Security Guide and subscribe to the typo3-announce mailing list for further security updates. [1]