CVE-2026-49738 | TYPO3 CMS up to 14.3.2 File Abstraction Layer secret.yaml isAllowedAbsPath path traversal

A vulnerability was found in TYPO3 CMS up to 10.4.56/11.5.50/12.4.45/13.4.30/14.3.2. It has been rated as critical. Impacted is the function GeneralUtility::isAllowedAbsPath of the file /var/www/html-other/secret.yaml of the component File Abstraction Layer. Performing a manipulation results in path traversal.

This vulnerability is known as CVE-2026-49738. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More