Vulnerability in Typo3 Cms
CVE-2026-15305
Users were able to upload files with arbitrary MIME types to forms using FileUpload or ImageUpload elements with allowedMimeTypes configured. The restriction was not enforced server-side because the MimeTypeValidator was registered during…
Affected products
- Typo3 Cms — versions 14.2.0
Weakness classification (CWE)
References
- f4fb688c-4412-4426-b4b8-421ecf27b14a (vendor-advisory)