Typo3 cms

This hub aggregates every CVE we track for Typo3 cms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Typo3 cms.

• CVE-2026-6553TYPO3 CMS Stores Cleartext Password in User Settings Module7.5Apr 21, 2026
• CVE-2026-0859TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool7.8Jan 13, 2026
• CVE-2025-59022TYPO3 CMS Allows Broken Access Control in Recycler Module8.1Jan 13, 2026
• CVE-2025-59021TYPO3 CMS Allows Broken Access Control in Redirects Module6.4Jan 13, 2026
• CVE-2025-59020TYPO3 CMS Allows Broken Access Control in Edit Document Controller6.5Jan 13, 2026
• CVE-2025-59019Information Disclosure via CSV Download4.3Sep 9, 2025
• CVE-2025-59018Information Disclosure in Workspaces Module6.5Sep 9, 2025
• CVE-2025-59017Broken Access Control in Backend AJAX Routes8.8Sep 9, 2025
• CVE-2025-59016Information Disclosure via File Abstraction Layer4.3Sep 9, 2025
• CVE-2025-59015Insufficient Entropy in Password Generation6.5Sep 9, 2025
• CVE-2025-59014Denial of Service in TYPO3 Bookmark Toolbar2.7Sep 9, 2025
• CVE-2025-59013Open Redirect in TYPO3 CMS6.1Sep 9, 2025
• CVE-2020-15098Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS8.8Jul 29, 2020
• CVE-2020-15099Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS8.1Jul 29, 2020
• CVE-2020-11069Cross-Site Request Forgery in TYPO3 CMS8.0May 13, 2020