πŸ” CVE Alert

CVE-2026-46722

UNKNOWN 0.0

XML External Entity Injection in extension "Faceted Search" (ke_search)

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index.

CWE CWE-611
Vendor typo3
Product extension "faceted search"
Published May 19, 2026
Last Updated May 19, 2026
Stay Ahead of the Next One

Get instant alerts for typo3 extension "faceted search"

Be the first to know when new unknown vulnerabilities affecting typo3 extension "faceted search" are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

TYPO3 / Extension "Faceted Search"
7.0.0 < 7.0.1 6.0.0 < 6.6.1 0 < 5.6.2

References

NVD β†— CVE.org β†— EPSS Data β†—
typo3.org: https://typo3.org/security/advisory/typo3-ext-sa-2026-011

Credits

πŸ” Seungbin Yang Christian BΓΌlter