{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6553", "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "state": "PUBLISHED", "assignerShortName": "TYPO3", "dateReserved": "2026-04-17T21:40:53.165Z", "datePublished": "2026-04-21T10:04:02.525Z", "dateUpdated": "2026-04-21T13:20:23.515Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "shortName": "TYPO3", "dateUpdated": "2026-04-21T10:08:27.342Z"}, "title": "TYPO3 CMS Stores Cleartext Password in User Settings Module", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-312", "description": "CWE-312 Cleartext storage of sensitive information", "type": "CWE"}]}], "affected": [{"vendor": "TYPO3", "product": "TYPO3 CMS", "collectionURL": "https://packagist.org", "packageName": "typo3/cms-backend", "repo": "https://github.com/TYPO3/typo3", "versions": [{"status": "affected", "version": "14.2.0", "lessThan": "14.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.2.0", "versionEndExcluding": "14.3.0"}]}]}], "descriptions": [{"lang": "en", "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the <code>uc</code> and <code>user_settings</code> fields of the <code>be_users</code> database table. This issue affects TYPO3 CMS version 14.2.0."}]}], "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005", "tags": ["vendor-advisory"]}, {"url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291", "name": "Git commit of main branch", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"}}], "credits": [{"lang": "en", "value": "Martin Clewing", "type": "reporter"}, {"lang": "en", "value": "Garvin Hicking", "type": "remediation developer"}, {"lang": "en", "value": "Stefan B\u00fcrk", "type": "remediation developer"}, {"lang": "en", "value": "Oliver Hader", "type": "remediation developer"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:20:11.733627Z", "id": "CVE-2026-6553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:20:23.515Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6553", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:20:11.733627Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:20:18.344Z"}}], "cna": {"title": "TYPO3 CMS Stores Cleartext Password in User Settings Module", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Martin Clewing"}, {"lang": "en", "type": "remediation developer", "value": "Garvin Hicking"}, {"lang": "en", "type": "remediation developer", "value": "Stefan B\u00fcrk"}, {"lang": "en", "type": "remediation developer", "value": "Oliver Hader"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/TYPO3/typo3", "vendor": "TYPO3", "product": "TYPO3 CMS", "versions": [{"status": "affected", "version": "14.2.0", "lessThan": "14.3.0", "versionType": "semver"}], "packageName": "typo3/cms-backend", "collectionURL": "https://packagist.org", "defaultStatus": "unaffected"}], "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005", "tags": ["vendor-advisory"]}, {"url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291", "name": "Git commit of main branch", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.", "supportingMedia": [{"type": "text/html", "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the <code>uc</code> and <code>user_settings</code> fields of the <code>be_users</code> database table. This issue affects TYPO3 CMS version 14.2.0.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext storage of sensitive information"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "14.3.0", "versionStartIncluding": "14.2.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "shortName": "TYPO3", "dateUpdated": "2026-04-21T10:08:27.342Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6553", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:20:23.515Z", "dateReserved": "2026-04-17T21:40:53.165Z", "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "datePublished": "2026-04-21T10:04:02.525Z", "assignerShortName": "TYPO3"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "29C90077-1876-4149-ACC0-1F4C0917E41D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0."}], "id": "CVE-2026-6553", "lastModified": "2026-05-05T19:49:37.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "type": "Secondary"}]}, "published": "2026-04-21T10:16:31.220", "references": [{"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "tags": ["Patch"], "url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291"}, {"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005"}], "sourceIdentifier": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[14.2.0,14.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "typo3", "vendor": "typo3"}], "analysis": {"en": {"generated_at": "2026-04-21T23:05:31.241664+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of TYPO3 CMS where the cleartext password storage issue is resolved.", "Restrict backend user permissions so that only trusted administrators can change passwords via the user settings module.", "Review and cleanse the be_users table for any existing cleartext passwords and enforce hashing or deletion of those entries."], "summary": {"action": "Immediate Patch", "impact": "Cleartext password storage"}, "threat_synthesis": {"affected_systems": "TYPO3 CMS version 14.2.0 is affected. No other versions were listed as impacted, so only installations of the 14.2.0 release are known to be vulnerable.", "description_and_impact": "The vulnerability arises in the backend user settings module of TYPO3 CMS, where changing a user password results in the cleartext password being written to the uc and user_settings columns of the be_users database table. This insecure storage of sensitive data (CWE-312) means that any party with database access can read stored passwords, potentially compromising user accounts and enabling further unauthorized actions. The CVSS score of 7.3 reflects a moderate-to-high risk of credential compromise in environments that rely on CMS backend authentication.", "risk_and_exploitability": "The EPSS score indicates a probability of exploitation of less than 1%. The vulnerability is not listed in the CISA KEV catalog, suggesting no widely known active exploitation. Because the issue is triggered by altering passwords through the backend user interface, a likely attack vector involves an insider or an attacker who has already gained database access; there is no direct external network exploitation mentioned, so the risk is largely limited to systems with insufficient isolation of the CMS backend and database."}}}}, "created": "2026-04-21T23:15:03.118627+00:00", "updated": "2026-04-22T11:46:37.789657+00:00", "vendors": ["typo3", "typo3$PRODUCT$typo3"]}