CVE-2026-1323
Insecure Deserialization in extension "Mailqueue" (mailqueue)
The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
Productos afectados
TYPO3 · Extension "Mailqueue"¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →