Vulnerability in Typo3 Extension "Faceted Search"
CVE-2026-46723
The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the sear…
EPSS: 0.001 (16.2th percentile) — read the EPSS interpretation.
Affected products
- Typo3 Extension "Faceted Search" — versions 7.0.0, 6.0.0, 0
Weakness classification (CWE)
References
- f4fb688c-4412-4426-b4b8-421ecf27b14a (vendor-advisory)