← Back to CVEs
CVE-2026-1323
N/ADescription
The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].
CVE Details
CVSS v3.1 ScoreN/A
Published3/17/2026
Last Modified3/17/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-502
References
https://typo3.org/security/advisory/typo3-ext-sa-2026-005(f4fb688c-4412-4426-b4b8-421ecf27b14a)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.