Vulnerability Description
The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-8827?
CVE-2026-8827 is a documented vulnerability. The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL injection. The method is not invoked anywhere within the extension itself...
How severe is CVE-2026-8827?
CVSS scoring is not yet available for CVE-2026-8827. Check NVD for updates.
Is there a patch for CVE-2026-8827?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.