Home
MEDIUM: 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:NDefault status
unaffected
7.0.0 (semver) before 7.0.1
affected
6.0.0 (semver) before 6.6.1
affected
5.0.0 (semver) before 5.6.2
affected
Any version before 4.6.7
affected
Description
The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences.
Problem types
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
7.0.0 (semver) before 7.0.1
6.0.0 (semver) before 6.6.1
5.0.0 (semver) before 5.6.2
Any version before 4.6.7
Credits
Seungbin Yang
Christian Bülter
References
typo3.org/security/advisory/typo3-ext-sa-2026-011