CVE-2026-47350 PUBLISHED

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.

• Hyunseo Shin reporter
• Torben Hansen remediation developer

• https://typo3.org/security/advisory/typo3-core-sa-2026-012
• Git commit of main branch
• Git commit of 13.4 branch

• CWE-862 Missing Authorization CWE