CVE-2026-47343 is a missing authorization vulnerability in TYPO3 CMS where non-privileged backend users who have access to file mounts can perform unauthorized write operations on root folders of those mounts. This occurs due to insufficient authorization checks restricting these operations. Affected versions include TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2. The vulnerability is rated high severity with a CVSS 4.0 score of 7.2, indicating network attack vector, low attack complexity, no privileges required beyond backend user, no user interaction, and limited confidentiality and availability impact but high integrity impact.

Non-privileged backend users with file mount access can perform unauthorized write operations (move, delete, rename) on root folders of active file mounts. This could lead to unauthorized modification or deletion of critical files or directories within the CMS environment, potentially disrupting service or compromising data integrity.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided in the available data. Users should monitor TYPO3 vendor advisories for updates and apply patches once available. Until then, restrict backend user permissions to minimize exposure.