Back to search
CVE-2026-46721
Published: May 19, 2026
Modified: May 19, 2026
PUBLISHED
Description
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to content and functionality restricted to privileged frontend user groups.
| Vendor | Product | Versions |
|---|---|---|
TYPO3 | Extension "Frontend User Registration" | affected 14.0.0 - < 14.0.2affected 0 - < 13.2.4 |
References
https://typo3.org/security/advisory/typo3-ext-sa-2026-009
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now