Filtered by vendor Typo3
Subscriptions
Filtered by product Extension "site Crawler"
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8727 | 1 Typo3 | 1 Extension "site Crawler" | 2026-05-20 | N/A |
| The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative privileges to configure a crawler-enabled page and trigger the crawl via a Scheduler task. | ||||
Page 1 of 1.