CVE-2026-1323

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://typo3.org/security/advisory/typo3-ext-sa-2026-005	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cps-it:mailqueue::::::typo3::*
	cpe:2.3:a:cps-it:mailqueue::::::typo3::*

History

25 Apr 2026, 18:37

Type	Values Removed	Values Added
Summary		(es) La extensión no define correctamente las clases permitidas utilizadas al deserializar metadatos de fallo de transporte. Un atacante puede explotar esto para ejecutar código serializado no confiable. Tenga en cuenta que un exploit activo requiere acceso de escritura al directorio configurado en $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath'].
First Time		Cps-it Cps-it mailqueue
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:cps-it:mailqueue::::::typo3::*
References	~~() https://typo3.org/security/advisory/typo3-ext-sa-2026-005 -~~	() https://typo3.org/security/advisory/typo3-ext-sa-2026-005 - Vendor Advisory

17 Mar 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-17 09:16

Updated : 2026-04-25 18:37

NVD link : CVE-2026-1323

Mitre link : CVE-2026-1323

CVE.ORG link : CVE-2026-1323

JSON object : View

Products Affected

cps-it

mailqueue

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2026-1323", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-17T09:16:13.507", "references": [{"url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-005", "tags": ["Vendor Advisory"], "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath']."}, {"lang": "es", "value": "La extensi\u00f3n no define correctamente las clases permitidas utilizadas al deserializar metadatos de fallo de transporte. Un atacante puede explotar esto para ejecutar c\u00f3digo serializado no confiable. Tenga en cuenta que un exploit activo requiere acceso de escritura al directorio configurado en $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath']."}], "lastModified": "2026-04-25T18:37:35.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cps-it:mailqueue:*:*:*:*:*:typo3:*:*", "vulnerable": true, "matchCriteriaId": "E61C4198-A8D5-4F8B-A510-3481AB95EBCF", "versionEndExcluding": "0.4.5"}, {"criteria": "cpe:2.3:a:cps-it:mailqueue:*:*:*:*:*:typo3:*:*", "vulnerable": true, "matchCriteriaId": "9BE0D821-5BB7-4CA2-BEB2-B5F2AD96B87D", "versionEndExcluding": "0.5.2", "versionStartIncluding": "0.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "f4fb688c-4412-4426-b4b8-421ecf27b14a"}