CVE-2026-47351
Received - Intake
TYPO3 CMS Clipboard Permission Bypass

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: TYPO3

Description
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
typo3 typo3_cms From 10.4.0 (inc) to 13.4.30 (inc)
typo3 typo3_cms From 14.0.0 (inc) to 14.3.2 (inc)
typo3 typo3_cms 10.4.57
typo3 typo3_cms 11.5.51
typo3 typo3_cms 12.4.46
typo3 typo3_cms 13.4.31
typo3 typo3_cms 14.3.3
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

This vulnerability in TYPO3 CMS involves the clipboard functionality used by backend users to store records and files for copying or moving.

The issue is that while copy and move operations had proper permission checks, the clipboard insertion step did not correctly validate read permissions.

As a result, backend users could insert arbitrary records and files into the clipboard without having the necessary read permissions, potentially exposing sensitive information about those records or files.

The vulnerability affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2.

Compliance Impact

The vulnerability allows backend users to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which can lead to unauthorized access to sensitive information. This unauthorized exposure of data could potentially violate data protection requirements found in common standards and regulations such as GDPR and HIPAA, which mandate strict access controls and protection of personal and sensitive information.

By enabling users to view information they are not authorized to access, the vulnerability undermines the principle of least privilege and could result in non-compliance with regulations that require safeguarding sensitive data against unauthorized access.

Remediation by updating to patched TYPO3 versions and following security best practices is necessary to restore compliance and protect sensitive data.

Impact Analysis

This vulnerability allows backend users to obtain information about records and files they are not permitted to view.

Since the clipboard insertion does not properly check read permissions, sensitive data could be exposed to users without the correct authorization.

This unauthorized access could lead to information disclosure within your TYPO3 CMS environment, potentially compromising data confidentiality.

Mitigation Strategies

To mitigate the CVE-2026-47351 vulnerability, you should update your TYPO3 CMS installation to one of the patched versions: 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS.

The vulnerability is caused by improper permission checks in the clipboard functionality, so applying the update will ensure that only records and files the backend user has read access to can be inserted into the clipboard.

Additionally, it is recommended to follow the TYPO3 Security Guide recommendations and subscribe to the typo3-announce mailing list for ongoing security updates.
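
The patched releases 10.4.57, 11.5.51 and 12.4.46 fall numerically inside the published 10.4.0-13.4.30 range, so a plain range comparison over an inventory reports them as affected. The following added example (not TYPO3 or advisory code) checks versions per major branch instead; the function names and the sample inventory are constructed here, and it assumes that the fix release or anything later on the same major version is patched.

```python
# Added example (not TYPO3 or advisory code). Version data is copied from this page.
AFFECTED_RANGES = [((10, 4, 0), (13, 4, 30)), ((14, 0, 0), (14, 3, 2))]
FIXED_BY_MAJOR = {
    10: (10, 4, 57), 11: (11, 5, 51), 12: (12, 4, 46),
    13: (13, 4, 31), 14: (14, 3, 3),
}


def parse_version(text):
    """Parse 'X.Y.Z' (optionally prefixed with 'v') into a tuple of ints."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an X.Y.Z version: {text!r}")
    return tuple(int(p) for p in parts)


def naive_in_range(version):
    """Plain range test on the published bounds; over-reports patched builds."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def status(text):
    """Return 'patched', 'affected' or 'not-listed' for one version string."""
    version = parse_version(text)
    fixed = FIXED_BY_MAJOR.get(version[0])
    # Assumption: the fix release and anything later on the same major is patched.
    if fixed is not None and version >= fixed:
        return "patched"
    return "affected" if naive_in_range(version) else "not-listed"


def audit(inventory):
    """Map each affected host to the fix release named for its major version."""
    findings = {}
    for host, text in inventory.items():
        if status(text) == "affected":
            major = parse_version(text)[0]
            findings[host] = ".".join(map(str, FIXED_BY_MAJOR[major]))
    return findings


# Constructed inventory for illustration; hostnames are hypothetical.
SAMPLE_INVENTORY = {
    "cms-a.example": "11.5.51",   # inside 10.4.0-13.4.30 numerically, but patched
    "cms-b.example": "12.4.45",
    "cms-c.example": "14.3.2",
    "cms-d.example": "9.5.49",    # outside the ranges stated on this page
}

if __name__ == "__main__":
    for host, target in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: upgrade to {target}")
```

A result of `not-listed` means only that the version is outside the ranges stated on this page, not that the release has been verified as unaffected.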
