TYPO3 Faceted Search Extension Arbitrary Data Indexing Vulnerability

Vulnerability

A vulnerability in the TYPO3 extension 'Faceted Search' (ke_search) allows backend users with permission to edit indexer configurations to index sensitive data from internal TYPO3 tables. This issue arises because the 'additional_tables' configuration of the page and tt_content indexers accepts arbitrary table and field names. Exploitation of this vulnerability could lead to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in the unauthorized indexing of sensitive data from internal TYPO3 tables, potentially leading to information disclosure.

Remediation

Users of the 'Faceted Search' extension are advised to update to version 7.0.1, 6.6.1, or 5.6.2. These versions are available from the TYPO3 extension manager, Packagist, and the TYPO3 Extensions Repository.
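The following is an added example, not code from the extension or from this advisory: a PHP check that reviews an 'additional_tables' value against an allowlist of approved tables and fields. It assumes the value is INI-style, with a `table` key and `fields[]` entries in each section; the function name, the allowlist and all table and field names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: tables and fields an integrator has approved for indexing.
$allowed = ['tx_example_accordion_item' => ['header', 'bodytext']];

// Constructed sample of an 'additional_tables' value (assumed INI-style format).
$sample = <<<'INI'
[accordion]
table = tx_example_accordion_item
fields[] = header
fields[] = bodytext

[other]
table = tx_example_internal_table
fields[] = secret_value

[extra_field]
table = tx_example_accordion_item
fields[] = internal_note
INI;

/** Returns findings for sections that name a table or field outside the allowlist. */
function auditAdditionalTables(string $config, array $allowed): array
{
    $sections = parse_ini_string($config, true, INI_SCANNER_RAW);
    if ($sections === false) {
        return ['configuration could not be parsed; reject it'];
    }
    $findings = [];
    foreach ($sections as $name => $entry) {
        $table = is_array($entry) ? ($entry['table'] ?? null) : null;
        if (!is_string($table) || !isset($allowed[$table])) {
            $shown = is_string($table) ? $table : '(missing or invalid)';
            $findings[] = "[$name] table '$shown' is not allowlisted";
            continue;
        }
        // A scalar "fields = x" is treated like a single-entry list.
        $fields = (array)($entry['fields'] ?? []);
        foreach (array_diff($fields, $allowed[$table]) as $field) {
            $findings[] = "[$name] field '$table.$field' is not allowlisted";
        }
    }
    return $findings;
}

// Reports [other] (table) and [extra_field] (field); [accordion] passes.
foreach (auditAdditionalTables($sample, $allowed) as $finding) {
    echo $finding, PHP_EOL;
}
```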

Added: May 19, 2026, 10:37 AM
Updated: May 19, 2026, 10:37 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 8.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.