Vulnerability in Typo3 Cms

CVE-2026-15305

Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during…

Affected products

Weakness classification (CWE)

References