πŸ” CVE Alert

CVE-2026-6553

UNKNOWN 0.0

TYPO3 CMS Stores Cleartext Password in User Settings Module

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.

CWE CWE-312
Vendor typo3
Product typo3 cms
Published Apr 21, 2026
Last Updated Apr 21, 2026
Stay Ahead of the Next One

Get instant alerts for typo3 typo3 cms

Be the first to know when new unknown vulnerabilities affecting typo3 typo3 cms are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

TYPO3 / TYPO3 CMS
14.2.0 < 14.3.0

References

NVD β†— CVE.org β†— EPSS Data β†—
typo3.org: https://typo3.org/security/advisory/typo3-core-sa-2026-005 github.com: https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291

Credits

πŸ” Martin Clewing Garvin Hicking Stefan BΓΌrk Oliver Hader