πŸ” CVE Alert

CVE-2026-46723

UNKNOWN 0.0

Information Disclosure in extension "Faceted Search" (ke_search)

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index.

CWE CWE-668
Vendor typo3
Product extension "faceted search"
Published May 19, 2026
Last Updated May 19, 2026
Stay Ahead of the Next One

Get instant alerts for typo3 extension "faceted search"

Be the first to know when new unknown vulnerabilities affecting typo3 extension "faceted search" are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

TYPO3 / Extension "Faceted Search"
7.0.0 < 7.0.1 6.0.0 < 6.6.1 0 < 5.6.2

References

NVD β†— CVE.org β†— EPSS Data β†—
typo3.org: https://typo3.org/security/advisory/typo3-ext-sa-2026-011

Credits

πŸ” Seungbin Yang Christian BΓΌlter