VYPR
High severity8.8NVD Advisory· Published Mar 17, 2026· Updated Apr 25, 2026

CVE-2026-1323

CVE-2026-1323

Description

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cpsit/typo3-mailqueuePackagist
< 0.4.50.4.5
cpsit/typo3-mailqueuePackagist
>= 0.5.0, < 0.5.20.5.2

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.