TYPO3-CORE-SA-2026-019: Broken Access Control in Form Framework
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-018: Insecure Deserialization in Core API
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-017: Privilege Escalation & SQL Injection in Form Framework
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-016: Broken Access Control in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-015: Broken Access Control in Backend API
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-014: Broken Access Control in Clipboard
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-013: Broken Access Control in Media Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-012: Broken Access Control in DataHandler
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-011: Broken Access Control in Recycler
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2026-009: Open Redirect in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to open redirect.
TYPO3-CORE-SA-2026-008: Broken Access Control in Form Framework
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-007: Broken Access Control in File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2026-006: By-passing Cross-Site Scripting Protection in HTML Sanitizer
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2026-013: Remote Code Execution in extension "Content Element Selector" (ceselector)
It has been discovered that the extension "Content Element Selector" (ceselector) is vulnerable to Remote Code Execution.
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
It has been discovered that the extension "Address List" (tt_address) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2026-011: Multiple vulnerabilities in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is vulnerable to XML External Entity injection, Path Traversal and Information…
TYPO3-EXT-SA-2026-010: SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" (news) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Broken Access Control.
TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)
It has been discovered that the extension "Site Crawler" (crawler) is vulnerable to Remote Code Execution.
TYPO3-CORE-SA-2026-005: Cleartext storage of Backend User Passwords
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-CORE-SA-2026-005: Cleartext storage of Backend User Passwords
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
Announcing a Third Election Round for the TYPO3 Association Board
Since none of the remaining candidates achieved 50% of the votes in the second round, members are asked to vote in a final round. If the necessary…
Vote Now! Budget 2026 Ideas for Round Two Have Been Published
The call for community budget ideas for the second round of 2026 was successful: Seven Community and three Team ideas have made it to the poll. These…
This Month in TYPO3: March, 2026
March went out with a bang. TYPO3 v14.2 shipped on the final day of the month, the Association elections saw an 18% surge in voter participation, and…
Improving Fluid Developer Experience with TYPO3 v14
Simon Praetorius gives us an update on his Community Budget idea for improving the Fluid developer experience — and the first results are already…
TYPO3 Contribution in Numbers: March 2026
See the full recap of TYPO3's March core contributions with 66 contributors, 255 reviews, bug fixes, features, and a big thank-you to our developers.
TYPO3 v14.2—Refined Where It Matters
Today we proudly released TYPO3 version 14.2—and you won't be disappointed! You'll find new features, improvements, and optimizations in every corner…
Results of the 2026 TYPO3 Association Elections
When the election closed, more than 380 members had cast their votes. This is an 18% increase from 2025. Another voting round will take place to…
How to Upgrade an Outdated TYPO3 Version: Our Step-by-Step Guide
Learn how to check if your TYPO3 version is outdated and choose the best way to upgrade your TYPO3 website.