Skip to main content

Extension Frontend User Registration

1 CVEs product

Monthly

CVE-2026-46721 PHP MEDIUM PATCH This Month

Mass assignment in the TYPO3 'Frontend User Registration' extension allows unauthenticated remote attackers to assign arbitrary frontend user groups to accounts created or modified via the public registration and profile-edit flows. Because the extension neither restricts which user properties may be submitted nor enforces server-side access control on the group assignment field, an attacker registers or edits an account while injecting a privileged frontend user group identifier, immediately gaining access to content and functionality that would otherwise require elevated membership. No public exploit is identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Extension Frontend User Registration
NVD
CVSS 4.0
6.9
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Mass assignment in the TYPO3 'Frontend User Registration' extension allows unauthenticated remote attackers to assign arbitrary frontend user groups to accounts created or modified via the public registration and profile-edit flows. Because the extension neither restricts which user properties may be submitted nor enforces server-side access control on the group assignment field, an attacker registers or edits an account while injecting a privileged frontend user group identifier, immediately gaining access to content and functionality that would otherwise require elevated membership. No public exploit is identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Extension Frontend User Registration
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy