CVE-2026-4202

LOW

Broken Access Control in extension "Redirect Tab"

Title source: cna

Description

The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.

References (1)

[Vendor Advisory] https://typo3.org/security/advisory/typo3-ext-sa-2026-006

Scores

CVSS v4 2.3

EPSS 0.0004

EPSS Percentile 12.4%

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-200 CWE-862

Status published

Products (4)

ayacoo/redirect-tab 0 - 2.1.2Packagist

TYPO3/Extension "Redirect Tabs" < 2.1.2

TYPO3/Extension "Redirect Tabs" 3.0.0 - 3.1.7

TYPO3/Extension "Redirect Tabs" 4.0.0 - 4.0.5

Published Mar 17, 2026

Tracked Since Mar 17, 2026