CVE-2026-8727
Deferred - Pending Action
Remote Code Execution in TYPO3 Crawler Extension

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: TYPO3

Description
The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task.
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS evaluated: 2026-05-19
Affected Vendors & Products
Vendor   Product        Version / Range
typo3    site_crawler   from 11.0.12 (inclusive) to 12.0.11 (exclusive)
typo3    site_crawler   up to 12.0.10 (inclusive)
typo3    site_crawler   12.0.11
typo3    site_crawler   11.0.13
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Site Crawler extension for TYPO3, where the extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize() function.

An attacker who controls a crawled endpoint can inject arbitrary serialized PHP objects through this header, which leads to Remote Code Execution (RCE) on the TYPO3 server.

Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task.


How can this vulnerability impact me?

This vulnerability can allow an attacker with administrative privileges to execute arbitrary code on the TYPO3 server remotely.

Such Remote Code Execution can lead to full compromise of the server, including unauthorized access to data, modification or deletion of content, and potential further attacks within the network.

Even non-super-admin administrators could exploit this vulnerability to escalate their privileges.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for the presence and use of the vulnerable Site Crawler extension versions (12.0.0 to 12.0.10 and 11.0.12 and below) on TYPO3 installations.

Since exploitation requires administrative privileges to configure a crawler-enabled page and trigger a crawl via a Scheduler task, checking for suspicious Scheduler tasks or crawler configurations may help detect potential exploitation attempts.

Additionally, monitoring HTTP responses for the presence of the X-T3Crawler-Meta response header could indicate crawler activity that might be exploited.

Specific commands are not provided in the available resources.
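As an added illustration (not the extension's own code), the following PHP shows the CWE-502 pattern named in the description beside a hardened decoder, plus the kind of header check the detection answer above hints at; all function and class names are hypothetical, and it assumes PHP 8.

```php
<?php
// Added illustration of the CWE-502 pattern described on this page.
// Function and class names are hypothetical; this is not the extension's code.
declare(strict_types=1);

// Vulnerable shape: the header value set by the crawled (attacker-controlled)
// site goes straight into unserialize(), so any autoloadable class with
// __wakeup()/__destruct() side effects can be instantiated.
function decodeMetaVulnerable(string $headerValue): mixed
{
    return unserialize($headerValue); // CWE-502
}

// Hardened shape: never let unserialize() instantiate classes, and accept
// only a flat array of string keys and scalar values, which is all that
// crawler metadata needs.
function decodeMetaHardened(string $headerValue): ?array
{
    if ($headerValue === '' || strlen($headerValue) > 4096) {
        return null;
    }
    $data = @unserialize($headerValue, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null; // a serialized object becomes __PHP_Incomplete_Class, not an array
    }
    foreach ($data as $key => $value) {
        if (!is_string($key) || !is_scalar($value)) {
            return null;
        }
    }
    return $data;
}

// Detection heuristic for response monitoring: flag header values that carry
// an object token (O: or C:) at the top level or nested inside an array.
function headerCarriesObject(string $headerValue): bool
{
    return preg_match('/(^|[;{])[OC]:\d+:"/', $headerValue) === 1;
}

// Constructed sample values; the second uses a made-up class name and is
// not a real gadget chain.
$benign     = serialize(['id' => 42, 'lastVisited' => 1716000000]);
$suspicious = 'O:12:"SomeAppClass":0:{}';

var_dump(decodeMetaHardened($benign) !== null);
var_dump(decodeMetaHardened($suspicious) === null);
var_dump(headerCarriesObject($benign));
var_dump(headerCarriesObject($suspicious));
```

The hardened decoder is a generalisation: it rejects any serialized object regardless of class, which is the property that matters for CWE-502, rather than denylisting known gadget classes.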


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the Site Crawler extension to a fixed version: 12.0.11 or 11.0.13 or later.

Restrict administrative privileges to trusted users only, as exploitation requires administrative access to configure crawler-enabled pages and trigger Scheduler tasks.

Review and disable any unnecessary crawler-enabled pages or Scheduler tasks that could be abused.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows remote code execution on the TYPO3 server by exploiting insecure deserialization in the Site Crawler extension. Such unauthorized code execution can lead to unauthorized access, data breaches, or manipulation of sensitive information.

Consequently, this can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Organizations using affected versions of the extension should update immediately to mitigate risks that could lead to non-compliance.

