CVE-2026-1323

Published: Mar 17, 2026 Last Modified: Mar 17, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,2
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0002
Percentile
0,0th
Updated

Single Data Point

Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.

502

Deserialization of Untrusted Data

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context
Applicable Platforms
Languages: Java, JavaScript, PHP, Python, Ruby
Technologies: AI/ML, ICS/OT, Not Technology-Specific
Likelihood of Exploit: Medium
View CWE Details
https://typo3.org/security/advisory/typo3-ext-sa-2026-005
https://typo3.org/security/advisory/typo3-ext-sa-2026-005