Is there a patch available for CVE-2026-46721?

Yes, a patch is available for CVE-2026-46721. Update the affected software to the latest version immediately.

TYPO3 Frontend User Registration CVE-2026-46721

Q: What is the CVSS score of CVE-2026-46721?

CVE-2026-46721 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-30857 MEDIUM

Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)

2026-05-19 TYPO3

GHSA-v348-vr4q-fv9p

Authentication Bypass

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 19, 2026 - 11:16 EUVD

Analysis Generated

May 19, 2026 - 10:47 vuln.today

CVSS changed

May 19, 2026 - 10:22 NVD

6.9 (MEDIUM)

DescriptionNVD

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to content and functionality restricted to privileged frontend user groups.

AnalysisAI

Mass assignment in the TYPO3 'Frontend User Registration' extension allows unauthenticated remote attackers to assign arbitrary frontend user groups to accounts created or modified via the public registration and profile-edit flows. Because the extension neither restricts which user properties may be submitted nor enforces server-side access control on the group assignment field, an attacker registers or edits an account while injecting a privileged frontend user group identifier, immediately gaining access to content and functionality that would otherwise require elevated membership. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-46721 vulnerability details – vuln.today

Back

TYPO3 Frontend User Registration CVE-2026-46721

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

TYPO3 Frontend User Registration CVE-2026-46721

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code