VYPR

Packagist (Composer) package

typo3/cms-recycler

pkg:composer/typo3/cms-recycler

Vulnerabilities (3)

  • CVE-2026-47349MedJun 9, 2026
    affected < 10.4.57fixed 10.4.57

    Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3.

  • CVE-2025-59022Jan 13, 2026
    affected >= 14.0.0, < 14.0.2fixed 14.0.2

    Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering t

  • CVE-2025-59017Sep 9, 2025
    affected >= 9.0.0, < 12.4.37fixed 12.4.37

    Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.