CVE-2026-46723
Description
The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Faceted Search extension (ke_search) allows backend users to copy arbitrary internal TYPO3 table data into the search index via the additional_tables configuration.
Vulnerability
The ke_search extension fails to validate table and field names in the additional_tables configuration of the page and tt_content indexers. A backend user with permission to edit indexer configurations can supply arbitrary table and field names from internal TYPO3 tables, which the extension then reads and writes into the search index. Affected versions are ke_search 7.0.0, 6.0.0–6.6.0, and 5.6.1 and below [1].
Exploitation
An attacker must possess backend user credentials with the ability to modify indexer configurations for ke_search. The attacker then sets the additional_tables parameter to target sensitive TYPO3 database tables (e.g., be_users, sys_file_metadata) and fields. No further user interaction is needed after saving the configuration [1].
Impact
By luring a backend user to search the index, the attacker can retrieve sensitive data from internal TYPO3 tables, including credentials or other confidential information, leading to information disclosure [1].
Mitigation
Updated versions 7.0.1, 6.6.1, and 5.6.2 are available from the TYPO3 extension manager and Packagist. Users should update the extension to one of these secure versions immediately [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.