Changeflow GovPing Data Privacy & Cybersecurity TYPO3 Extensions Multiple Vulnerabilities
Priority review Notice Added Final

TYPO3 Extensions Multiple Vulnerabilities

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published March 16th, 2026
Detected March 17th, 2026
Email

Summary

CERT-Bund has issued a security advisory for multiple vulnerabilities in TYPO3 Extensions, including Mailqueue and Redirect Tab. The vulnerabilities have a CVSS base score of 7.5 and can allow for remote code execution or information disclosure.

View original document View source feed page

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0753) detailing multiple vulnerabilities in various TYPO3 extensions, including Mailqueue and Redirect Tab. These vulnerabilities, with a CVSS base score of 7.5, can be exploited by authenticated local or remote attackers to execute arbitrary code, disclose sensitive information, or bypass security measures. The advisory lists specific affected versions of the extensions and notes that mitigation is available.

Organizations using TYPO3 with the affected extensions must update to patched versions immediately to prevent exploitation. Failure to do so could result in significant data breaches, system compromise, and potential operational disruption. While no specific compliance deadline is mentioned, prompt patching is critical for maintaining system security and data integrity.

What to do next

  1. Update TYPO3 extensions Mailqueue and Redirect Tab to versions not affected by the vulnerabilities.
  2. Review system logs for any signs of exploitation.
  3. Implement mitigation strategies as recommended by CERT-Bund.

Source document (simplified)

[WID-SEC-2026-0753] TYPO3 Extensions: Mehrere Schwachstellen CVSS Base Score 7.5 (hoch) CVSS Temporal Score 6.9 (mittel) Remoteangriff ja Datum 16.03.2026 Stand 17.03.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Sonstiges
  • UNIX
  • Windows

Produktbeschreibung

TYPO3 ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. Über zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.

Produkte

16.03.2026
- TYPO3 Extension Mailqueue <0.5.2

  • TYPO3 Extension Mailqueue <0.4.5

  • TYPO3 Extension Redirect Tab <4.0.5

  • TYPO3 Extension Redirect Tab <3.1.7

  • TYPO3 Extension Redirect Tab <2.1.2

  • TYPO3 Extension E-Mail MFA Provider

Angriff

Angriff

Ein lokaler, oder ein enfernter authentisierter Angreifer kann mehrere Schwachstellen in TYPO3 Extensions ausnutzen, um beliebigen Programmcode auszuführen, vertrauliche Informationen offenzulegen oder Sicherheitsmaßnahmen zu umgehen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de Apache Airflow Multiple Vulnerabilities Advisory
Priority review Mar 17, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Linux Kernel Vulnerabilities Allow Security Bypass
Priority review Mar 17, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Red Hat Linux Vulnerability Allows Privilege Escalation and Info Disclosure
Priority review Mar 17, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for news.dli.mt.gov Montana DLI Warns About Phishing Scam
Priority review Mar 17, 2026 news.dli.mt.gov Labor & Employment
Favicon for www.maine.gov Maine Revenue Services Warns of W-2 Phishing Scams
Priority review Mar 17, 2026 revenue Tax
Favicon for www.cert.ssi.gouv.fr CERT-FR: Multiple vulnerabilities in Mattermost Server
Priority review Mar 17, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
de

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Software Vulnerabilities Data Security

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 179 Consumer Protection 35 Courts & Legal 210 Data Privacy & Cybersecurity 59 Defense & National Security 48 Education 20 Energy 94 Environment 81 Government & Legislation 240 Healthcare 106 Housing 15 Immigration 8 Insurance 17 Labor & Employment 107 Pharma & Drug Safety 68 Securities & Markets 73 Tax 48 Telecom & Technology 34 Trade & Sanctions 122 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Free. Unsubscribe anytime.