wid-sec-w-2026-0753 · Published 2026-03-16 · View on BSI CERT-Bund ↗

TYPO3 Extensions: Multiple Vulnerabilities

CVSS 7.7 HIGH

Risk Summary

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath']. The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page. The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.

CVEs (3)

CVE-2026-1323 CVE-2026-4202 CVE-2026-4208

Affected Vendors

TYPO3

Affected Products (11)

TYPO3 · Extension Mailqueue <0.5.2

TYPO3 · Extension Mailqueue 0.5.2

TYPO3 · Extension Mailqueue <0.4.5

TYPO3 · Extension Mailqueue 0.4.5

TYPO3 · Extension Redirect Tab <4.0.5

TYPO3 · Extension Redirect Tab 4.0.5

TYPO3 · Extension Redirect Tab <3.1.7

TYPO3 · Extension Redirect Tab 3.1.7

TYPO3 · Extension Redirect Tab <2.1.2

TYPO3 · Extension Redirect Tab 2.1.2

TYPO3 · Extension E-Mail MFA Provider

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more