Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TYPO3 Deserialization of Untrusted Data Vulnerability - CVE-2026-0859 - Vulnerability Database
TYPO3

TYPO3 Deserialization of Untrusted Data Vulnerability - CVE-2026-0859

High
Reference: CVE-2026-0859
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-0859
Title: TYPO3 Deserialization of Untrusted Data Vulnerability
Overview:

TYPO339s mailfile spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54 11.0.0-11.5.48 12.0.0-12.4.40 13.0.0-13.4.22 and 14.0.0-14.0.1.