TYPO3 Faceted Search Extension Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the TYPO3 extension 'Faceted Search' (ke_search) versions 7.0.0, 6.0.0 through 6.6.0, and 5.6.1 and below. The vulnerability arises because the file indexer does not properly normalize configured directory paths. This flaw allows a backend user with permission to edit indexer configurations to use path traversal sequences to index documents from arbitrary locations on the server file system.
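The kind of check the description says was missing, as an added example (this is not ke_search's code or its actual patch): normalize each configured directory and reject any that resolves outside the allowed base. The function names, the base path, the sample values and the assumption that directories are configured relative to a base directory are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper names and constructed sample values.

/** Lexically resolve "." and ".." segments; no filesystem access is needed. */
function normalizePath(string $path): string
{
    $segments = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;               // skip empty and current-directory segments
        }
        if ($segment === '..') {
            array_pop($segments);   // no-op at the root, so the path never climbs above "/"
            continue;
        }
        $segments[] = $segment;
    }
    return '/' . implode('/', $segments);
}

/** True only if $configured, taken relative to $base, still lies inside $base. */
function isInsideBase(string $base, string $configured): bool
{
    $base = normalizePath($base);
    $resolved = normalizePath($base . '/' . $configured);
    // Compare against the base plus a separator so "/srv/app-old" does not match "/srv/app".
    $prefix = rtrim($base, '/') . '/';
    return $resolved === $base || strpos($resolved, $prefix) === 0;
}

// Constructed sample: an assumed base directory and indexer directory settings.
$base = '/var/www/site/public';
$configured = [
    'fileadmin/docs',
    'fileadmin/docs/../manuals',
    'fileadmin/../../../../etc',
    './fileadmin/../..',
];

foreach ($configured as $dir) {
    printf("%-28s %s\n", $dir, isInsideBase($base, $dir) ? 'ok' : 'REJECT: resolves outside base');
}
```

Lexical normalization does not follow symbolic links; where the directories exist on disk, comparing `realpath()` results against the base covers that case as well.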

Impact

Exploitation of this vulnerability could lead to unauthorized access to files on the server, allowing indexed documents to be sourced from locations outside of the intended directory.

Remediation

Users are advised to update to version 7.0.1, 6.6.1, or 5.6.2, available through the TYPO3 Extension Manager, Packagist, or directly from the TYPO3 Extensions Repository.

Added: May 19, 2026, 10:20 AM
Updated: May 19, 2026, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 5.4
remediation: 3.1
relevance: 8.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.