TYPO3 Mailqueue Extension Insecure Deserialization Vulnerability

Vulnerability

A vulnerability exists in the TYPO3 Mailqueue extension, versions 0.5.0 to 0.5.1, and 0.4.4 and below, that allows insecure deserialization of transport failure metadata. The flaw could be exploited to execute untrusted code supplied as serialized data. Successful exploitation, however, requires write access to the directory specified by the transport spool file path configuration.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of serialized code, potentially allowing an attacker to execute malicious payloads on the server.

Remediation

Users are advised to update to version 0.5.2 or 0.4.5, available through the TYPO3 extension manager, Packagist, or directly from the TYPO3 extensions repository.
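The following audit sketch is an added example, not code from the extension or its vendor. It checks a Composer-based installation against the affected version ranges stated above and reports which classes besides the owner can write to the spool directory, the stated precondition for exploitation. The package name is a placeholder, the function names are hypothetical, and the spool directory path must be supplied from your own configuration.

```python
import json
import os
import stat

# Placeholder, not from the advisory: set to the extension's Composer package name.
PACKAGE = "example-vendor/typo3-mailqueue"

def parse_version(v):
    """'v0.5.1' -> (0, 5, 1); returns None for branch aliases such as 'dev-main'."""
    core = v.lstrip("v").split("-")[0].split("+")[0]
    try:
        parts = [int(p) for p in core.split(".")]
    except ValueError:
        return None
    return tuple((parts + [0, 0, 0])[:3])

def is_affected(version):
    """Advisory ranges: 0.5.0 to 0.5.1, and 0.4.4 and below. None = review manually."""
    v = parse_version(version)
    if v is None:
        return None
    return v <= (0, 4, 4) or (0, 5, 0) <= v <= (0, 5, 1)

def installed_version(lock_text, package=PACKAGE):
    """Locked version of `package` in composer.lock content, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == package:
            return pkg.get("version")
    return None

def spool_extra_writers(path):
    """Classes besides the owner holding the write bit on the spool directory.
    Mode bits only: ACLs and the owner's own identity still need a manual look."""
    mode = os.stat(path).st_mode
    return [name for bit, name in ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other"))
            if mode & bit]

def audit(lock_text, spool_dir, package=PACKAGE):
    version = installed_version(lock_text, package)
    return {"version": version,
            "affected": is_affected(version) if version else False,
            "spool_extra_writers": spool_extra_writers(spool_dir)}

if __name__ == "__main__":
    import tempfile
    # Constructed sample input: a minimal composer.lock and a temporary spool directory.
    sample_lock = json.dumps({"packages": [{"name": PACKAGE, "version": "0.5.1"}]})
    with tempfile.TemporaryDirectory() as spool:
        os.chmod(spool, 0o770)
        print(audit(sample_lock, spool))
```

An `affected` value of `None` means the locked version is a branch alias that cannot be compared numerically and needs manual review.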

Added: Mar 17, 2026, 9:34 AM
Updated: Mar 17, 2026, 9:34 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 2.2
remediation: 0.0
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.