Skip to main content

TYPO3 CMS EUVDEUVD-2026-43671

| CVE-2026-15305 MEDIUM
Insufficient Type Distinction (CWE-351)
2026-07-14 f4fb688c-4412-4426-b4b8-421ecf27b14a GHSA-p8pr-442q-qf8g
6.3
CVSS 4.0 · Vendor: f4fb688c-4412-4426-b4b8-421ecf27b14a
Share

Severity by source

Vendor (f4fb688c-4412-4426-b4b8-421ecf27b14a) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-accessible public form, no credentials needed, no scope change; integrity impact is low (unrestricted file type stored), no confidentiality or availability impact confirmed.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (f4fb688c-4412-4426-b4b8-421ecf27b14a).

CVSS VectorVendor: f4fb688c-4412-4426-b4b8-421ecf27b14a

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 14, 2026 - 18:20 EUVD
Analysis Generated
Jul 14, 2026 - 13:35 vuln.today

DescriptionCVE.org

Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during form building before concrete form definition properties were applied, resulting in the validator never being added to the processing pipeline. This issue affects TYPO3 CMS versions 14.2.0-14.3.5.

AnalysisAI

MIME type restriction bypass in TYPO3 CMS 14.2.0-14.3.5 allows unauthenticated attackers to upload files of arbitrary MIME types through forms configured with FileUpload or ImageUpload elements, circumventing the allowedMimeTypes restriction entirely. The flaw originates from a lifecycle ordering defect in the server-side form framework: MimeTypeValidator is registered before concrete form definition properties are applied, so it is absent from the validation pipeline at runtime. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify public TYPO3 form with file upload
Delivery
Craft multipart request with disallowed MIME type
Exploit
Submit bypassing server-side MimeTypeValidator
Execution
Malicious file stored on server
Impact
Trigger secondary impact via file render or execution

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target TYPO3 instance runs version 14.2.0-14.3.5 AND has at least one form deployed via the TYPO3 Form Framework that includes a FileUpload or ImageUpload form element with the allowedMimeTypes property explicitly set to a non-empty list. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 score is 6.3 (Medium) with vector AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker visits a publicly accessible TYPO3 site that hosts a contact or registration form with a file upload field restricted to images (e.g., allowedMimeTypes: image/jpeg, image/png). Using a tool such as curl or Burp Suite, they intercept the multipart/form-data request and replace the Content-Type header and file content with an HTML or SVG file containing embedded JavaScript, then submit the form. …
Remediation The primary remediation is to upgrade TYPO3 CMS to a version beyond 14.3.5; the exact patched release version is not independently confirmed from available data - consult the vendor advisory at https://typo3.org/security/advisory/typo3-core-sa-2026-020 for the authoritative fix version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43671 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy