πŸ” CVE Alert

CVE-2026-46724

UNKNOWN 0.0

Path Traversal in extension "Faceted Search" (ke_search)

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
13th

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences.

CWE CWE-22
Vendor typo3
Product extension "faceted search"
Published May 19, 2026
Last Updated May 19, 2026
Stay Ahead of the Next One

Get instant alerts for typo3 extension "faceted search"

Be the first to know when new unknown vulnerabilities affecting typo3 extension "faceted search" are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

TYPO3 / Extension "Faceted Search"
7.0.0 < 7.0.1 6.0.0 < 6.6.1 0 < 5.6.2

References

NVD β†— CVE.org β†— EPSS Data β†—
typo3.org: https://typo3.org/security/advisory/typo3-ext-sa-2026-011

Credits

πŸ” Seungbin Yang Christian BΓΌlter