CVE-2026-46723
TYPO3 ke_search path traversal from arbitrary table configuration input
Description
In TYPO3 faceted fulltext search (`ke_search`), the `additional_tables` configuration of the page and `tt_content` indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index. This has been patched in versions 7.0.1, 6.6.1, 5.6.2 and 4.6.7.
How to fix CVE-2026-46723
To remediate CVE-2026-46723, upgrade the affected package to a fixed version below.
- Packagist/tpwd/ke_search: upgrade to 7.0.1 or later
Is CVE-2026-46723 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-46723.
Affected packages (1)
- Packagist/tpwd/ke_search: >= 7.0.0, < 7.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N |