Vulnerability-Lookup

WID-SEC-W-2026-0151

Vulnerability from csaf_certbund - Published: 2026-01-19 23:00 - Updated: 2026-01-20 23:00

Summary

TYPO3 Extension: Mehrere Schwachstellen ermöglichen Manipulation von Dateien

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: TYPO3 ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. Über zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.

Angriff: Ein Angreifer kann mehrere Schwachstellen in TYPO3 Extension ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-14761

Affected products

Known affected 4 products

Product	Identifier	Version
TYPO3 Extension Amazon AWS SDK TYPO3 / Extension	`cpe:/a:typo3:typo3_extension:amazon_aws_sdk`	Amazon AWS SDK
TYPO3 Extension AWS SDK for PHP <3.368.0 TYPO3 / Extension		AWS SDK for PHP <3.368.0
TYPO3 Extension Amazon Web Services (AWS) Toolbox <12.0.2 TYPO3 / Extension		Amazon Web Services (AWS) Toolbox <12.0.2
TYPO3 Extension Amazon Web Services (AWS) Toolbox <11.0.4 TYPO3 / Extension		Amazon Web Services (AWS) Toolbox <11.0.4

CVE-2026-0895

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
TYPO3 Extension Mailqueue <0.5.1 TYPO3 / Extension		Mailqueue <0.5.1
TYPO3 Extension Mailqueue <0.4.3 TYPO3 / Extension		Mailqueue <0.4.3

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://typo3.org/security/advisory/typo3-ext-sa-…	external
https://typo3.org/security/advisory/typo3-ext-sa-…	external
https://typo3.org/security/advisory/typo3-ext-sa-…	external
https://typo3.org/security/advisory/typo3-ext-sa-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "TYPO3 ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. \u00dcber zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in TYPO3 Extension ausnutzen, um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0151 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0151.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0151 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0151"
      },
      {
        "category": "external",
        "summary": "TYPO3 Security Advisory vom 2026-01-19",
        "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-001"
      },
      {
        "category": "external",
        "summary": "TYPO3 Security Advisory vom 2026-01-19",
        "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-002"
      },
      {
        "category": "external",
        "summary": "TYPO3 Security Advisory vom 2026-01-19",
        "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-003"
      },
      {
        "category": "external",
        "summary": "TYPO3 Security Advisory vom 2026-01-19",
        "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-004"
      }
    ],
    "source_lang": "en-US",
    "title": "TYPO3 Extension: Mehrere Schwachstellen erm\u00f6glichen Manipulation von Dateien",
    "tracking": {
      "current_release_date": "2026-01-20T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-21T07:39:40.168+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0151",
      "initial_release_date": "2026-01-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-20T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-3591"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Mailqueue \u003c0.4.3",
                "product": {
                  "name": "TYPO3 Extension Mailqueue \u003c0.4.3",
                  "product_id": "T050098"
                }
              },
              {
                "category": "product_version",
                "name": "Mailqueue 0.4.3",
                "product": {
                  "name": "TYPO3 Extension Mailqueue 0.4.3",
                  "product_id": "T050098-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3_extension:mailqueue__0.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Amazon Web Services (AWS) Toolbox \u003c11.0.4",
                "product": {
                  "name": "TYPO3 Extension Amazon Web Services (AWS) Toolbox \u003c11.0.4",
                  "product_id": "T050100"
                }
              },
              {
                "category": "product_version",
                "name": "Amazon Web Services (AWS) Toolbox 11.0.4",
                "product": {
                  "name": "TYPO3 Extension Amazon Web Services (AWS) Toolbox 11.0.4",
                  "product_id": "T050100-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3_extension:amazon_web_services_%2528aws%2529_toolbox__11.0.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Amazon Web Services (AWS) Toolbox \u003c12.0.2",
                "product": {
                  "name": "TYPO3 Extension Amazon Web Services (AWS) Toolbox \u003c12.0.2",
                  "product_id": "T050101"
                }
              },
              {
                "category": "product_version",
                "name": "Amazon Web Services (AWS) Toolbox 12.0.2",
                "product": {
                  "name": "TYPO3 Extension Amazon Web Services (AWS) Toolbox 12.0.2",
                  "product_id": "T050101-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3_extension:amazon_web_services_%2528aws%2529_toolbox__12.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "AWS SDK for PHP \u003c3.368.0",
                "product": {
                  "name": "TYPO3 Extension AWS SDK for PHP \u003c3.368.0",
                  "product_id": "T050102"
                }
              },
              {
                "category": "product_version",
                "name": "AWS SDK for PHP 3.368.0",
                "product": {
                  "name": "TYPO3 Extension AWS SDK for PHP 3.368.0",
                  "product_id": "T050102-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3_extension:aws_sdk_for_php__3.368.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Amazon AWS SDK",
                "product": {
                  "name": "TYPO3 Extension Amazon AWS SDK",
                  "product_id": "T050103",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3_extension:amazon_aws_sdk"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Mailqueue \u003c0.5.1",
                "product": {
                  "name": "TYPO3 Extension Mailqueue \u003c0.5.1",
                  "product_id": "T050104"
                }
              },
              {
                "category": "product_version",
                "name": "Mailqueue 0.5.1",
                "product": {
                  "name": "TYPO3 Extension Mailqueue 0.5.1",
                  "product_id": "T050104-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:typo3:typo3_extension:mailqueue__0.5.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Extension"
          }
        ],
        "category": "vendor",
        "name": "TYPO3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14761",
      "product_status": {
        "known_affected": [
          "T050103",
          "T050102",
          "T050101",
          "T050100"
        ]
      },
      "release_date": "2026-01-19T23:00:00.000+00:00",
      "title": "CVE-2025-14761"
    },
    {
      "cve": "CVE-2026-0895",
      "product_status": {
        "known_affected": [
          "T050104",
          "T050098"
        ]
      },
      "release_date": "2026-01-19T23:00:00.000+00:00",
      "title": "CVE-2026-0895"
    }
  ]
}

CVE-2025-14761 (GCVE-0-2025-14761)

Vulnerability from cvelistv5 – Published: 2025-12-17 20:13 – Updated: 2025-12-17 21:06

Summary

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Assigner

AMZN

References

3 references

URL	Tags
https://aws.amazon.com/security/security-bulletin…	vendor-advisory
https://github.com/aws/aws-sdk-php/security/advis…	third-party-advisory
https://github.com/aws/aws-sdk-php/releases/tag/3.368.0	patch

Impacted products

1 product

Vendor	Product	Version
AWS	AWS SDK for PHP	Unaffected: 3.368.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14761",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-17T20:36:01.389941Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-17T20:41:07.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AWS SDK for PHP",
          "vendor": "AWS",
          "versions": [
            {
              "status": "unaffected",
              "version": "3.368.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eMissing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an \"instruction file\" instead of S3\u0027s metadata record.\u003cbr\u003e\u003cbr\u003eTo mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later\u003c/p\u003e"
            }
          ],
          "value": "Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an \"instruction file\" instead of S3\u0027s metadata record.\n\nTo mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-148",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-148: Content Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-17T21:06:21.725Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-032/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-x8cp-jf6f-r4xh"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/aws/aws-sdk-php/releases/tag/3.368.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2025-14761",
    "datePublished": "2025-12-17T20:13:54.665Z",
    "dateReserved": "2025-12-16T00:24:29.842Z",
    "dateUpdated": "2025-12-17T21:06:21.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0895 (GCVE-0-2026-0895)

Vulnerability from cvelistv5 – Published: 2026-01-20 07:19 – Updated: 2026-01-20 18:07

Title

Insecure Deserialization in extension "Mailqueue" (mailqueue)

Summary

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 .

Severity

5.2 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

TYPO3

References

3 references

URL	Tags
https://typo3.org/security/advisory/typo3-ext-sa-…	vendor-advisory
https://github.com/CPS-IT/mailqueue/commit/fd09aa…	patch
https://github.com/CPS-IT/mailqueue/commit/12a0a3…	patch

Impacted products

1 product

Vendor	Product	Version
TYPO3	Extension "Mailqueue"	Affected: 0 , < 0.4.3 (semver) Affected: 0.5.0 , < 0.5.1 (semver)

Date Public

2026-01-20 07:00

Credits

Elias Häußler Elias Häußler

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-20T17:56:49.546112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-20T18:07:10.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org/",
          "defaultStatus": "unaffected",
          "packageName": "cpsit/typo3-mailqueue",
          "product": "Extension \"Mailqueue\"",
          "repo": "https://github.com/CPS-IT/mailqueue",
          "vendor": "TYPO3",
          "versions": [
            {
              "lessThan": "0.4.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.5.1",
              "status": "affected",
              "version": "0.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Elias H\u00e4u\u00dfler"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Elias H\u00e4u\u00dfler"
        }
      ],
      "datePublic": "2026-01-20T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The extension extends TYPO3\u2019 \u003ccode\u003eFileSpool\u003c/code\u003e component, which was vulnerable to Insecure Deserialization prior to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://typo3.org/security/advisory/typo3-core-sa-2026-004\"\u003eTYPO3-CORE-SA-2026-004\u003c/a\u003e. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://typo3.org/security/advisory/typo3-core-sa-2026-004\"\u003eTYPO3-CORE-SA-2026-004\u003c/a\u003e."
            }
          ],
          "value": "The extension extends TYPO3\u2019 FileSpool component, which was vulnerable to Insecure Deserialization prior to  TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory  TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 ."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-20T07:21:28.109Z",
        "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "shortName": "TYPO3"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-001"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/CPS-IT/mailqueue/commit/fd09aa4e1a751551bae4b228bee814e22f2048db"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/CPS-IT/mailqueue/commit/12a0a35027bb5609917790a94e43bbf117abf733"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Deserialization in extension \"Mailqueue\" (mailqueue)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
    "assignerShortName": "TYPO3",
    "cveId": "CVE-2026-0895",
    "datePublished": "2026-01-20T07:19:00.786Z",
    "dateReserved": "2026-01-13T15:24:31.992Z",
    "dateUpdated": "2026-01-20T18:07:10.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0151

CVE-2025-14761 (GCVE-0-2025-14761)

CVE-2026-0895 (GCVE-0-2026-0895)

Tags

Sightings

Nomenclature