Contao Information Disclosure Vulnerability in Frontend Search Index

Vulnerability

A vulnerability in Contao CMS versions from 4.9.14 up to, but not including, 4.13.56, 5.3.38, and 5.6.1 allows protected content elements rendered as fragments to be indexed and made publicly accessible through the frontend search. The issue is fixed in versions 4.13.56, 5.3.38, and 5.6.1. As a temporary workaround, users can disable the frontend search.

Impact

This vulnerability leads to unauthorized information disclosure by allowing protected content elements to be indexed and made publicly available in the frontend search.

Remediation

Users are advised to update to Contao versions 4.13.56, 5.3.38, or 5.6.1. Instructions for updating can be found in the Contao documentation.
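
To check whether an installation still needs this update, the following added example (not code from the Contao project or from this advisory) reads a composer.lock and compares the installed core version against the fixed releases named above. The package name contao/core-bundle and the lower bounds 5.0.0 and 5.4.0 of the two 5.x ranges are assumptions; the sample lock content is constructed.

```python
import json
import re

# (first affected, first fixed) per release line. 4.9.14 and the fixed versions
# come from the advisory; the 5.0.0 and 5.4.0 lower bounds are assumptions
# based on the release lines the fixes belong to.
AFFECTED_RANGES = [
    ((4, 9, 14), (4, 13, 56)),
    ((5, 0, 0), (5, 3, 38)),
    ((5, 4, 0), (5, 6, 1)),
]
PACKAGE = "contao/core-bundle"  # assumed Composer package that carries the fix


def parse_version(raw):
    """Turn '4.13.40' or 'v5.3.12' into (4, 13, 40); None if not an x.y.z release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True if the version tuple lies inside one of the affected ranges."""
    return any(low <= version < fixed for low, fixed in AFFECTED_RANGES)


def check_lock(lock_text):
    """Return (status, version string) for the Contao core in a composer.lock."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == PACKAGE:
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                # Branch aliases such as dev-main cannot be compared; review manually.
                return "unknown", raw
            return ("affected" if is_affected(version) else "not affected"), raw
    return "not installed", None


# Constructed sample, not a real lock file.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "symfony/console", "version": "v6.4.1"},
    {"name": "contao/core-bundle", "version": "4.13.40"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of "unknown" means the lock file pins a branch or other non-release version that has to be checked by hand.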

Added: Aug 28, 2025, 5:24 PM
Updated: Aug 28, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 8.2
remediation: 8.3
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.