CVE-2026-1323

UNKNOWN 0.0

Insecure Deserialization in extension "Mailqueue" (mailqueue)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

CWE	CWE-502
Vendor	typo3
Product	extension "mailqueue"
Published	Mar 17, 2026
Last Updated	Mar 17, 2026

Stay Ahead of the Next One

Get instant alerts for typo3 extension "mailqueue"

Be the first to know when new unknown vulnerabilities affecting typo3 extension "mailqueue" are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TYPO3 / Extension "Mailqueue"

0 < 0.4.5 0.5.0 < 0.5.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

typo3.org: https://typo3.org/security/advisory/typo3-ext-sa-2026-005

Credits

🔍 Elias Häußler Elias Häußler