{"api_version":"1","generated_at":"2026-06-23T10:24:56+00:00","cve":"CVE-2026-47347","urls":{"html":"https://cve.report/CVE-2026-47347","api":"https://cve.report/api/cve/CVE-2026-47347.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-47347","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-47347"},"summary":{"title":"TYPO3 CMS - Open Redirect in Core Utilities","description":"Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.","state":"PUBLISHED","assigner":"TYPO3","published_at":"2026-06-09 11:16:52","updated_at":"2026-06-09 13:46:50"},"problem_types":["CWE-601","CWE-601 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":[{"version":"4.0","source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}}],"references":[{"url":"https://typo3.org/security/advisory/typo3-core-sa-2026-009","name":"https://typo3.org/security/advisory/typo3-core-sa-2026-009","refsource":"f4fb688c-4412-4426-b4b8-421ecf27b14a","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0","name":"https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0","refsource":"f4fb688c-4412-4426-b4b8-421ecf27b14a","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd","name":"https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd","refsource":"f4fb688c-4412-4426-b4b8-421ecf27b14a","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-47347","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47347","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"TYPO3","product":"TYPO3 CMS","version":"affected 10.4.57 semver","platforms":[]},{"source":"CNA","vendor":"TYPO3","product":"TYPO3 CMS","version":"affected 11.0.0 11.5.51 semver","platforms":[]},{"source":"CNA","vendor":"TYPO3","product":"TYPO3 CMS","version":"affected 12.0.0 12.4.46 semver","platforms":[]},{"source":"CNA","vendor":"TYPO3","product":"TYPO3 CMS","version":"affected 13.0.0 13.4.31 semver","platforms":[]},{"source":"CNA","vendor":"TYPO3","product":"TYPO3 CMS","version":"affected 14.0.0 14.3.3 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Alexandre Romao","lang":"en"},{"source":"CNA","value":"Benjamin Franzke","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"47347","cve":"CVE-2026-47347","epss":"0.004840000","percentile":"0.377440000","score_date":"2026-06-16","updated_at":"2026-06-17 00:05:46"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"collectionURL":"https://packagist.org","defaultStatus":"unaffected","modules":["Core Utilities"],"packageName":"typo3/cms-core","product":"TYPO3 CMS","repo":"https://github.com/TYPO3/typo3","vendor":"TYPO3","versions":[{"lessThan":"10.4.57","status":"affected","version":"0","versionType":"semver"},{"lessThan":"11.5.51","status":"affected","version":"11.0.0","versionType":"semver"},{"lessThan":"12.4.46","status":"affected","version":"12.0.0","versionType":"semver"},{"lessThan":"13.4.31","status":"affected","version":"13.0.0","versionType":"semver"},{"lessThan":"14.3.3","status":"affected","version":"14.0.0","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndExcluding":"10.4.57","vulnerable":true},{"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndExcluding":"11.5.51","versionStartIncluding":"11.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndExcluding":"12.4.46","versionStartIncluding":"12.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndExcluding":"13.4.31","versionStartIncluding":"13.0.0","vulnerable":true},{"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndExcluding":"14.3.3","versionStartIncluding":"14.0.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"reporter","value":"Alexandre Romao"},{"lang":"en","type":"remediation developer","value":"Benjamin Franzke"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Applications that use <code>GeneralUtility::sanitizeLocalUrl</code> to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2."}],"value":"Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-09T10:51:00.283Z","orgId":"f4fb688c-4412-4426-b4b8-421ecf27b14a","shortName":"TYPO3"},"references":[{"tags":["vendor-advisory"],"url":"https://typo3.org/security/advisory/typo3-core-sa-2026-009"},{"name":"Git commit of main branch","tags":["patch"],"url":"https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0"},{"name":"Git commit of 13.4 branch","tags":["patch"],"url":"https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd"}],"source":{"discovery":"UNKNOWN"},"title":"TYPO3 CMS - Open Redirect in Core Utilities","x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"f4fb688c-4412-4426-b4b8-421ecf27b14a","assignerShortName":"TYPO3","cveId":"CVE-2026-47347","datePublished":"2026-06-09T10:51:00.283Z","dateReserved":"2026-05-19T12:49:25.966Z","dateUpdated":"2026-06-09T10:51:00.283Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-09 11:16:52","lastModifiedDate":"2026-06-09 13:46:50","problem_types":["CWE-601","CWE-601 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"],"metrics":{"cvssMetricV40":[{"source":"f4fb688c-4412-4426-b4b8-421ecf27b14a","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"47347","Ordinal":"1","Title":"TYPO3 CMS - Open Redirect in Core Utilities","CVE":"CVE-2026-47347","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"47347","Ordinal":"1","NoteData":"Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.","Type":"Description","Title":"TYPO3 CMS - Open Redirect in Core Utilities"}]}}}