CVE-2026-6553

Published: Apr 21, 2026

Modified: Apr 21, 2026

PUBLISHED

Description

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.

Vendor	Product	Versions
TYPO3	TYPO3 CMS	affected `14.2.0 - < 14.3.0`

Weaknesses (CWE)

CWE-312

References

https://typo3.org/security/advisory/typo3-core-sa-2026-005

vendor-advisory

Git commit of main branch

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-6553

Description

Affected Products

Weaknesses (CWE)

References