{"vulnerability": "CVE-2026-47347", "sightings": [
  {"uuid": "b65b1f3e-cc18-4f61-b351-482af7570996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47347", "type": "seen", "source": "https://gist.github.com/alon710/45b8c4a23a1b5a0fbe2279df9a787a90", "content": "# CVE-2026-47347: Open Redirect Vulnerability in TYPO3 CMS GeneralUtility::sanitizeLocalUrl\n\n> **CVSS Score:** 5.3\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-47347\n\n## Summary\nCVE-2026-47347 is an open redirect vulnerability affecting multiple TYPO3 CMS versions. The issue resides in GeneralUtility::sanitizeLocalUrl, where an insufficient blocklist validation implementation fails to prevent browsers from normalizing malformed relative paths into external protocol-relative redirections. Attackers can exploit this to conduct phishing, session hijacking, or credential harvesting campaigns.\n\n## TL;DR\nA flaw in TYPO3's GeneralUtility::sanitizeLocalUrl allows attackers to bypass local URL verification. By passing URLs with backslashes, attackers trigger modern browser normalizations, redirecting users to external malicious domains.\n\n## Technical Details\n\n- **CWE ID**: CWE-601\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00484\n- **Exploit Status**: None (No Public Exploit)\n- **CISA KEV Status**: Not Listed\n- **Impact**: Subsequent System Integrity (SI:L)\n\n## Affected Systems\n\n- TYPO3 CMS Core\n- **TYPO3 CMS**: < 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: 11.0.0 - 11.5.50 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: 12.0.0 - 12.4.45 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: 13.0.0 - 13.4.30 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: 14.0.0 - 14.3.2 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade to a patched version of TYPO3 CMS Core.\n- Implement Web Application Firewall (WAF) filtering to identify and block invalid characters (such as backslashes) in redirect-associated parameter keys.\n\n**Remediation Steps:**\n1. Verify the current version of the TYPO3 CMS installation.\n2. Obtain the appropriate security update based on the current branch (e.g., 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS).\n3. Apply the security update and clear TYPO3 system caches.\n4. Configure WAF rules to drop traffic containing double-backslashes or non-standard control characters in query strings targeting redirection modules.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-009](https://typo3.org/security/advisory/typo3-core-sa-2026-009)\n- [CVE-2026-47347 Record](https://www.cve.org/CVERecord?id=CVE-2026-47347)\n- [TYPO3 Core Commit 22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd](https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd)\n- [TYPO3 Core Commit 3ffc0835012c6199db0e1dc4b56a77147d8600e0](https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0)\n- [CWE-601 Definition](https://cwe.mitre.org/data/definitions/601.html)\n- [TYPO3 Security Guide](https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html#security)\n- [TYPO3 Announce Mailing List](http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce)\n- [TYPO3 Review System Log](https://review.typo3.org/#/q/status:merged+project:Packages/TYPO3.CMS+topic:security,n,z)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47347) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T15:11:46.000000Z"},
  {"uuid": "29709c43-0bd0-4670-b76b-fa5b7515109d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-47347", "type": "seen", "source": "https://gist.github.com/alon710/cac399543a2b7d81a55d66704f7b735e", "content": "# CVE-2026-47347: Open Redirect Vulnerability in TYPO3 CMS GeneralUtility::sanitizeLocalUrl\n\n> **CVSS Score:** 5.3\n> **Published:** 2026-06-12\n> **Full Report:** https://cvereports.com/reports/CVE-2026-47347\n\n## Summary\nCVE-2026-47347 is an open redirect vulnerability affecting multiple TYPO3 CMS versions. The issue resides in GeneralUtility::sanitizeLocalUrl, where an insufficient blocklist validation implementation fails to prevent browsers from normalizing malformed relative paths into external protocol-relative redirections. Attackers can exploit this to conduct phishing, session hijacking, or credential harvesting campaigns.\n\n## TL;DR\nA flaw in TYPO3's GeneralUtility::sanitizeLocalUrl allows attackers to bypass local URL verification. By passing URLs with backslashes, attackers trigger modern browser normalizations, redirecting users to external malicious domains.\n\n## Technical Details\n\n- **CWE ID**: CWE-601\n- **Attack Vector**: Network (AV:N)\n- **CVSS v4.0**: 5.3 (Medium)\n- **EPSS Score**: 0.00484\n- **Exploit Status**: None (No Public Exploit)\n- **CISA KEV Status**: Not Listed\n- **Impact**: Subsequent System Integrity (SI:L)\n\n## Affected Systems\n\n- TYPO3 CMS Core\n- **TYPO3 CMS**: < 10.4.57 (Fixed in: `10.4.57 ELTS`)\n- **TYPO3 CMS**: 11.0.0 - 11.5.50 (Fixed in: `11.5.51 ELTS`)\n- **TYPO3 CMS**: 12.0.0 - 12.4.45 (Fixed in: `12.4.46 ELTS`)\n- **TYPO3 CMS**: 13.0.0 - 13.4.30 (Fixed in: `13.4.31 LTS`)\n- **TYPO3 CMS**: 14.0.0 - 14.3.2 (Fixed in: `14.3.3 LTS`)\n\n## Mitigation\n\n- Upgrade to a patched version of TYPO3 CMS Core.\n- Implement Web Application Firewall (WAF) filtering to identify and block invalid characters (such as backslashes) in redirect-associated parameter keys.\n\n**Remediation Steps:**\n1. Verify the current version of the TYPO3 CMS installation.\n2. Obtain the appropriate security update based on the current branch (e.g., 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS).\n3. Apply the security update and clear TYPO3 system caches.\n4. Configure WAF rules to drop traffic containing double-backslashes or non-standard control characters in query strings targeting redirection modules.\n\n## References\n\n- [TYPO3 Security Advisory TYPO3-CORE-SA-2026-009](https://typo3.org/security/advisory/typo3-core-sa-2026-009)\n- [CVE-2026-47347 Record](https://www.cve.org/CVERecord?id=CVE-2026-47347)\n- [TYPO3 Core Commit 22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd](https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd)\n- [TYPO3 Core Commit 3ffc0835012c6199db0e1dc4b56a77147d8600e0](https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0)\n- [CWE-601 Definition](https://cwe.mitre.org/data/definitions/601.html)\n- [TYPO3 Security Guide](https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html#security)\n- [TYPO3 Announce Mailing List](http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce)\n- [TYPO3 Review System Log](https://review.typo3.org/#/q/status:merged+project:Packages/TYPO3.CMS+topic:security,n,z)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-47347) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-15T15:21:23.000000Z"}
]}