Refine your search
2 vulnerabilities found for Extension "Mailqueue" by TYPO3
CVE-2026-1323 (GCVE-0-2026-1323)
Vulnerability from cvelistv5
Published
2026-03-17 08:33
Modified
2026-03-17 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TYPO3 | Extension "Mailqueue" |
Version: 0 ≤ Version: 0.5.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T13:18:07.208226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T13:18:18.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org/",
"defaultStatus": "unaffected",
"packageName": "cpsit/typo3-mailqueue",
"product": "Extension \"Mailqueue\"",
"repo": "https://github.com/CPS-IT/mailqueue",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "0.4.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "0.5.2",
"status": "affected",
"version": "0.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Elias H\u00e4u\u00dfler"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Elias H\u00e4u\u00dfler"
}
],
"datePublic": "2026-03-17T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at \u003ccode\u003e$GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027MAIL\u0027][\u0027transport_spool_filepath\u0027]\u003c/code\u003e."
}
],
"value": "The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS[\u0027TYPO3_CONF_VARS\u0027][\u0027MAIL\u0027][\u0027transport_spool_filepath\u0027]."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T08:33:05.160Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Deserialization in extension \"Mailqueue\" (mailqueue)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-1323",
"datePublished": "2026-03-17T08:33:05.160Z",
"dateReserved": "2026-01-22T06:39:32.852Z",
"dateUpdated": "2026-03-17T13:18:18.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0895 (GCVE-0-2026-0895)
Vulnerability from cvelistv5
Published
2026-01-20 07:19
Modified
2026-01-20 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 .
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TYPO3 | Extension "Mailqueue" |
Version: 0 ≤ Version: 0.5.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T17:56:49.546112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T18:07:10.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org/",
"defaultStatus": "unaffected",
"packageName": "cpsit/typo3-mailqueue",
"product": "Extension \"Mailqueue\"",
"repo": "https://github.com/CPS-IT/mailqueue",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "0.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Elias H\u00e4u\u00dfler"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Elias H\u00e4u\u00dfler"
}
],
"datePublic": "2026-01-20T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The extension extends TYPO3\u2019 \u003ccode\u003eFileSpool\u003c/code\u003e component, which was vulnerable to Insecure Deserialization prior to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://typo3.org/security/advisory/typo3-core-sa-2026-004\"\u003eTYPO3-CORE-SA-2026-004\u003c/a\u003e. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://typo3.org/security/advisory/typo3-core-sa-2026-004\"\u003eTYPO3-CORE-SA-2026-004\u003c/a\u003e."
}
],
"value": "The extension extends TYPO3\u2019 FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization, because the affected vulnerable code was extracted from TYPO3 core to the extension. More information about this vulnerability can be found in the related TYPO3 Core Security Advisory TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 ."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T07:21:28.109Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-001"
},
{
"tags": [
"patch"
],
"url": "https://github.com/CPS-IT/mailqueue/commit/fd09aa4e1a751551bae4b228bee814e22f2048db"
},
{
"tags": [
"patch"
],
"url": "https://github.com/CPS-IT/mailqueue/commit/12a0a35027bb5609917790a94e43bbf117abf733"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Deserialization in extension \"Mailqueue\" (mailqueue)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-0895",
"datePublished": "2026-01-20T07:19:00.786Z",
"dateReserved": "2026-01-13T15:24:31.992Z",
"dateUpdated": "2026-01-20T18:07:10.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}