SB2026052736 - Multiple vulnerabilities in Faceted Search extension for TYPO3

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026052736

SB2026052736 - Multiple vulnerabilities in Faceted Search extension for TYPO3

Published: May 27, 2026

Security Bulletin ID SB2026052736
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) XML External Entity injection (CVE-ID: CVE-2026-46722)

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the OOXML parsing of the file indexer does not disable external entity resolution. A remote administrator can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.


2) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2026-46723)

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A remote administrator can copy sensitive data from internal TYPO3 tables into the search index.


3) Path traversal (CVE-ID: CVE-2026-46724)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the file indexer. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.


Remediation

Install update from vendor's website.

References