CVE-2026-46724

Vulnerability Description

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences.

Related Weaknesses (CWE)

CWE-22

References

https://typo3.org/security/advisory/typo3-ext-sa-2026-011

FAQ

What is CVE-2026-46724?

CVE-2026-46724 is a documented vulnerability. The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system ...

How severe is CVE-2026-46724?

CVSS scoring is not yet available for CVE-2026-46724. Check NVD for updates.

Is there a patch for CVE-2026-46724?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.