QSearchQSearch

CVE-2026-46723

The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names

Published: 2026-05-19 · Last updated: 2026-05-19

Severity and scoring

CWE
CWE-668

Description

The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-48096 OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
  • CVE-2026-42535 A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV proper... (9.1 CRITICAL)
  • CVE-2025-15653 Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unau... (6.8 MEDIUM)
  • CVE-2026-46430 Algernon is a small self-contained pure-Go web server (4.3 MEDIUM)
  • CVE-2026-8958 Information disclosure, sandbox escape in the Security: Process Sandboxing component (8.6 HIGH)