Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for Extension "Redirect Tabs" by TYPO3
CVE-2026-4202 (GCVE-0-2026-4202)
Vulnerability from nvd – Published: 2026-03-17 08:33 – Updated: 2026-03-17 08:33
VLAI?
Title
Broken Access Control in extension "Redirect Tab"
Summary
The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TYPO3 | Extension "Redirect Tabs" |
Affected:
4.0.0 , < 4.0.5
(semver)
Affected: 3.0.0 , < 3.1.7 (semver) Affected: 0 , < 2.1.2 (semver) |
Date Public ?
2026-03-17 09:00
Credits
Guido Schmechel
Guido Schmechel
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org/",
"defaultStatus": "unaffected",
"packageName": "ayacoo/redirect-tab",
"product": "Extension \"Redirect Tabs\"",
"repo": "https://github.com/ayacoo/redirect_tab",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Guido Schmechel"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Guido Schmechel"
}
],
"datePublic": "2026-03-17T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eThe extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.\u003c/span\u003e"
}
],
"value": "The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T08:33:40.968Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in extension \"Redirect Tab\"",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-4202",
"datePublished": "2026-03-17T08:33:40.968Z",
"dateReserved": "2026-03-15T10:57:58.870Z",
"dateUpdated": "2026-03-17T08:33:40.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4202 (GCVE-0-2026-4202)
Vulnerability from cvelistv5 – Published: 2026-03-17 08:33 – Updated: 2026-03-17 08:33
VLAI?
Title
Broken Access Control in extension "Redirect Tab"
Summary
The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.
Severity ?
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TYPO3 | Extension "Redirect Tabs" |
Affected:
4.0.0 , < 4.0.5
(semver)
Affected: 3.0.0 , < 3.1.7 (semver) Affected: 0 , < 2.1.2 (semver) |
Date Public ?
2026-03-17 09:00
Credits
Guido Schmechel
Guido Schmechel
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org/",
"defaultStatus": "unaffected",
"packageName": "ayacoo/redirect-tab",
"product": "Extension \"Redirect Tabs\"",
"repo": "https://github.com/ayacoo/redirect_tab",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.7",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Guido Schmechel"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Guido Schmechel"
}
],
"datePublic": "2026-03-17T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eThe extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.\u003c/span\u003e"
}
],
"value": "The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T08:33:40.968Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2026-006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control in extension \"Redirect Tab\"",
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-4202",
"datePublished": "2026-03-17T08:33:40.968Z",
"dateReserved": "2026-03-15T10:57:58.870Z",
"dateUpdated": "2026-03-17T08:33:40.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}