Description
Applications that use GeneralUtility::sanitizeLocalUrl to restrict a user-supplied URL to local targets are vulnerable to open redirect if they then use that URL (for example as a redirect destination) after it has passed the sanitization check: a URL that passes the check can still lead the browser to an external site. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.
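The weakness described above is the general CWE-601 pattern: a redirect target passes a superficial "is this local?" check, but the browser's URL parser still resolves it to another origin. The following is an added example and is not TYPO3's sanitizeLocalUrl, not the code changed by the advisory's commits, and makes no claim about which input bypassed TYPO3's check. It contrasts a naive prefix check with a validator that rejects the shapes browsers resolve across origins (scheme-relative `//host`, backslash variants, `scheme:host` without slashes, embedded tab or leading space, non-http schemes) and accepts only single-slash paths or absolute URLs on the application's own origin. The origin `https://cms.example`, the function names and the sample targets are constructed for the example.

```python
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample targets. The first list must be accepted; the second
# lists classic open-redirect shapes that a prefix check lets through but
# that a browser (WHATWG URL parser) resolves to attacker.example.
SAFE_TARGETS = ["/", "/typo3/", "/index.php?id=42&L=1", "/path/with%2F..", "/a/b#frag"]
BYPASS_TARGETS = [
    "//attacker.example/",       # scheme-relative: keeps the scheme, swaps the host
    "/\\attacker.example/",      # backslash is treated as "/" for http(s) URLs
    "https:attacker.example",    # no slashes, still absolute for special schemes
    "\t//attacker.example/",     # tab and newline are removed before parsing
    " //attacker.example/",      # leading spaces and C0 controls are stripped
    "javascript:alert(1)",       # not a navigation target at all
    "http://attacker.example/",  # the one shape the naive check does catch
]


def naive_is_local(target: str) -> bool:
    """Weak pattern: 'no http(s):// prefix, so it must be a local path'."""
    lowered = target.strip().lower()
    return not lowered.startswith(("http://", "https://"))


def hardened_local_redirect(target: str, own_origin: str = "https://cms.example") -> Optional[str]:
    """Return target only if it can land on own_origin, otherwise None.

    Rejecting (instead of normalising) every ambiguous shape keeps this
    validator independent of how any particular browser canonicalises input.
    """
    if not target:
        return None
    # Browsers strip tab/newline anywhere and space/C0 controls at the ends;
    # a legitimate path encodes spaces as %20, so reject all of them outright.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return None
    # "/\\evil" is parsed exactly like "//evil" by browsers.
    if "\\" in target:
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL: only an exact scheme+host match with our own origin is allowed.
        # "https:attacker.example" has a scheme but an empty netloc and fails here.
        own = urlsplit(own_origin)
        if parts.scheme.lower() != own.scheme.lower() or parts.netloc.lower() != own.netloc.lower():
            return None
        return target
    # Relative form: exactly one leading slash, so it can never be scheme-relative.
    if not target.startswith("/") or target.startswith("//"):
        return None
    return target


def bypasses_passing_naive_check() -> List[str]:
    return [t for t in BYPASS_TARGETS if naive_is_local(t)]


def bypasses_passing_hardened_check() -> List[str]:
    return [t for t in BYPASS_TARGETS if hardened_local_redirect(t) is not None]


if __name__ == "__main__":
    print("naive check lets through:   ", bypasses_passing_naive_check())
    print("hardened check lets through:", bypasses_passing_hardened_check())
    print("hardened check accepts:     ", [hardened_local_redirect(t) for t in SAFE_TARGETS])
```

The important design choice is that the hardened validator decides on the raw string before any normalisation and refuses anything ambiguous; a check that first "cleans" the input (trimming whitespace, collapsing slashes) and then tests a prefix is doing the browser's work incompletely, which is exactly how these checks get bypassed.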
References (3)
Vendor Advisory: https://typo3.org/security/advisory/typo3-core-sa-2026-009
Patch (Git commit of main branch): https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0
Patch (Git commit of 13.4 branch): https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd
Scores
CVSS v4: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.0004
EPSS Percentile: 12.0%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-601
Status: published
Products (10)
typo3/cms-core (Packagist): 0 - 10.4.57
typo3/cms-core (Packagist): 11.0.0 - 11.5.51
typo3/cms-core (Packagist): 12.0.0 - 12.4.46
typo3/cms-core (Packagist): 13.0.0 - 13.4.31
typo3/cms-core (Packagist): 14.0.0 - 14.3.3
TYPO3/TYPO3 CMS: < 10.4.57
TYPO3/TYPO3 CMS: 11.0.0 - 11.5.51
TYPO3/TYPO3 CMS: 12.0.0 - 12.4.46
TYPO3/TYPO3 CMS: 13.0.0 - 13.4.31
TYPO3/TYPO3 CMS: 14.0.0 - 14.3.3
Published: Jun 09, 2026
Tracked Since: Jun 09, 2026