<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <title>Official TYPO3 news</title>
        <description>Posts by tag: TYPO3 CMS</description>
        <language>en</language>
        <link>https://news.typo3.com/article/tag/typo3-cms/blog.tag.xml</link>
        <lastBuildDate>Sat, 18 Jul 2026 13:27:21 +0200</lastBuildDate>
        
    
    
        
<item><title>TYPO3-CORE-SA-2026-020: Unrestricted File Upload in Form Framework</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-020</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-020#comments</comments><pubDate>Tue, 14 Jul 2026 12:00:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-020</guid><description>It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-019: Broken Access Control in Form Framework</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-019</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-019#comments</comments><pubDate>Tue, 09 Jun 2026 12:19:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-019</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-018: Insecure Deserialization in Core API</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-018</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-018#comments</comments><pubDate>Tue, 09 Jun 2026 12:18:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-018</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-017: Privilege Escalation &amp; SQL Injection in Form Framework</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-017</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-017#comments</comments><pubDate>Tue, 09 Jun 2026 12:17:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-017</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-016: Broken Access Control in File Abstraction Layer</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-016</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-016#comments</comments><pubDate>Tue, 09 Jun 2026 12:16:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-016</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-015: Broken Access Control in Backend API</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-015</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-015#comments</comments><pubDate>Tue, 09 Jun 2026 12:15:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-015</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-014: Broken Access Control in Clipboard</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-014</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-014#comments</comments><pubDate>Tue, 09 Jun 2026 12:14:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-014</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-013: Broken Access Control in Media Module</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-013</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-013#comments</comments><pubDate>Tue, 09 Jun 2026 12:13:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-013</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-012: Broken Access Control in DataHandler</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-012</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-012#comments</comments><pubDate>Tue, 09 Jun 2026 12:12:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-012</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-011: Broken Access Control in Recycler</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-011</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-011#comments</comments><pubDate>Tue, 09 Jun 2026 12:11:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-011</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-010</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-010#comments</comments><pubDate>Tue, 09 Jun 2026 12:10:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-010</guid><description>It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-009: Open Redirect in TYPO3 CMS</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-009</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-009#comments</comments><pubDate>Tue, 09 Jun 2026 12:09:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-009</guid><description>It has been discovered that TYPO3 CMS is susceptible to open redirect.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-008: Broken Access Control in Form Framework</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-008</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-008#comments</comments><pubDate>Tue, 09 Jun 2026 12:08:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-008</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-007: Broken Access Control in File Abstraction Layer</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-007</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-007#comments</comments><pubDate>Tue, 09 Jun 2026 12:07:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-007</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-006: By-passing Cross-Site Scripting Protection in HTML Sanitizer</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-006</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-006#comments</comments><pubDate>Tue, 09 Jun 2026 12:06:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-006</guid><description>It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-005: Cleartext storage of Backend User Passwords</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-005</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-005#comments</comments><pubDate>Tue, 21 Apr 2026 11:05:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-005</guid><description>It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-004: Insecure Deserialization via Mailer File Spool</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-004</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-004#comments</comments><pubDate>Tue, 13 Jan 2026 12:04:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-004</guid><description>It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-003: Broken Access Control in Recycler Module</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-003</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-003#comments</comments><pubDate>Tue, 13 Jan 2026 12:03:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-003</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-002: Broken Access Control in Redirects Module</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-002</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-002#comments</comments><pubDate>Tue, 13 Jan 2026 12:02:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-002</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2026-001: Broken Access Control in Edit Document Controller</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2026-001</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2026-001#comments</comments><pubDate>Tue, 13 Jan 2026 12:01:00 +0100</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2026-001</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>Report from the TYPO3 Code Sprint in Geneva</title><link>https://news.typo3.com/article/report-from-the-typo3-code-sprint-in-geneva</link><comments>https://news.typo3.com/article/report-from-the-typo3-code-sprint-in-geneva#comments</comments><pubDate>Mon, 17 Nov 2025 11:06:28 +0100</pubDate><dc:creator>Michael Binder</dc:creator><guid>https://news.typo3.com/article/report-from-the-typo3-code-sprint-in-geneva</guid><description>27–31 October, TYPO3 contributors got together in Geneva, Switzerland, for a TYPO3 Code Sprint. It wasn’t just the Core Team — anyone interested in improving TYPO3 was welcome to join and this time, I had the pleasure of joining for the very first time.</description><enclosure
            length="1377707"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/3/2/csm_IMG_1719_142fb459bb.webp" /></item>


    
        
<item><title>TYPO3 13.4.20 and 12.4.39 maintenance releases published</title><link>https://news.typo3.com/article/typo3-13420-and-12439-maintenance-releases-published</link><comments>https://news.typo3.com/article/typo3-13420-and-12439-maintenance-releases-published#comments</comments><pubDate>Tue, 11 Nov 2025 12:10:00 +0100</pubDate><dc:creator>Benni Mack</dc:creator><guid>https://news.typo3.com/article/typo3-13420-and-12439-maintenance-releases-published</guid><description>The versions 13.4.20 and 12.4.39 of the TYPO3 Enterprise Content Management System have just been released.</description></item>


    
        
<item><title>T3CON Celebrates 20 Years with ERGO by Lüftner and Parili as Patron Sponsor</title><link>https://news.typo3.com/article/ergo-lueftner-parili-patron-sponsor</link><comments>https://news.typo3.com/article/ergo-lueftner-parili-patron-sponsor#comments</comments><pubDate>Tue, 28 Oct 2025 11:00:00 +0100</pubDate><dc:creator>Luana Valentini</dc:creator><guid>https://news.typo3.com/article/ergo-lueftner-parili-patron-sponsor</guid><description>We’re pleased to announce ERGO by Lüftner and Parili as Patron Sponsor for the TYPO3 Conference 2025 (25-27 November 2025).</description><enclosure
            length="243216"
            type="image/jpeg"
            url="https://news.typo3.com/fileadmin/_processed_/3/c/csm_T3CON_Ergo_listview_1600x1066_494e3f57f1.webp" /></item>


    
        
<item><title>TYPO3 13.4.19 and 12.4.38 maintenance releases published</title><link>https://news.typo3.com/article/typo3-13419-and-12438-maintenance-releases-published</link><comments>https://news.typo3.com/article/typo3-13419-and-12438-maintenance-releases-published#comments</comments><pubDate>Tue, 14 Oct 2025 13:00:00 +0200</pubDate><dc:creator>Benni Mack</dc:creator><guid>https://news.typo3.com/article/typo3-13419-and-12438-maintenance-releases-published</guid><description>The versions 13.4.19 and 12.4.38 of the TYPO3 Enterprise Content Management System have just been released.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2025-023: Information Disclosure via CSV Download</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2025-023</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2025-023#comments</comments><pubDate>Tue, 09 Sep 2025 11:07:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2025-023</guid><description>It has been discovered that TYPO3 CMS is susceptible to information disclosure.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2025-022: Information Disclosure in Workspaces Module</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2025-022</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2025-022#comments</comments><pubDate>Tue, 09 Sep 2025 11:06:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2025-022</guid><description>It has been discovered that TYPO3 CMS is susceptible to information disclosure.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2025-021: Broken Access Control in Backend AJAX Routes</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2025-021</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2025-021#comments</comments><pubDate>Tue, 09 Sep 2025 11:05:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2025-021</guid><description>It has been discovered that TYPO3 CMS is susceptible to broken access control.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2025-020: Information Disclosure via File Abstraction Layer</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2025-020</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2025-020#comments</comments><pubDate>Tue, 09 Sep 2025 11:04:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2025-020</guid><description>It has been discovered that TYPO3 CMS is susceptible to information disclosure.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2025-019: Insufficient Entropy in Password Generation</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2025-019</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2025-019#comments</comments><pubDate>Tue, 09 Sep 2025 11:03:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2025-019</guid><description>It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.</description></item>


    
        
<item><title>TYPO3-CORE-SA-2025-018: Denial of Service in TYPO3 Bookmark Toolbar</title><link>https://news.typo3.com/security/advisory/typo3-core-sa-2025-018</link><comments>https://news.typo3.com/security/advisory/typo3-core-sa-2025-018#comments</comments><pubDate>Tue, 09 Sep 2025 11:02:00 +0200</pubDate><dc:creator>Oliver Hader</dc:creator><guid>https://news.typo3.com/security/advisory/typo3-core-sa-2025-018</guid><description>It has been discovered that TYPO3 CMS is susceptible to denial of service.</description></item>


    



    </channel>
</rss>
