CVE-2026-46724— Path Traversal in extension "Faceted Search" (ke_search)

AI Predicted 7.5 Difficulty: Easy EPSS 0.04% · P13 Updated May 19, 2026

Possible ATT&CK Techniques 2AI

T1005 · Data from Local System T1083 · File and Directory Discovery

Affected Version Matrix 3

Vendor	Product	Version Range	Status
TYPO3	Extension "Faceted Search"	`7.0.0< 7.0.1`	affected
		`6.0.0< 6.6.1`	affected
		`< 5.6.2`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-46724

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Path Traversal in extension "Faceted Search" (ke_search)

Source: NVD (National Vulnerability Database)

Vulnerability Description

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

TYPO3 Extension Faceted Search 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TYPO3 Extension Faceted Search是TYPO3开源的一个TYPO3分面搜索扩展。 TYPO3 Extension Faceted Search存在路径遍历漏洞，该漏洞源于文件索引器未规范化配置的目录路径，可能导致具有编辑索引器配置权限的后端用户通过路径遍历序列索引服务器文件系统上任意位置的文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
TYPO3	Extension "Faceted Search"	7.0.0 ~ 7.0.1	-

II. Public POCs for CVE-2026-46724

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-46724

请登录查看更多情报信息。

Advisory · 1

Same Patch Batch · TYPO3 · 2026-05-19 · 8 CVEs total

CVE-2026-46722		XML External Entity Injection in extension "Faceted Search" (ke_search)
CVE-2026-46725		Remote Code Execution in extension "Content Element Selector" (ceselector)
CVE-2026-46721		Broken Access Control in extension "Frontend User Registration" (sf_register)
CVE-2026-46723		Information Disclosure in extension "Faceted Search" (ke_search)
CVE-2026-8726		SQL Injection in extension "News system" (news)
CVE-2026-8727		Remote Code Execution in extension "Site Crawler" (crawler)
CVE-2026-8827		SQL Injection in extension "Address List" (tt_address)

IV. Related Vulnerabilities

Same product: Extension "Faceted Search"

Same vendor: TYPO3

Same weakness: CWE-22

V. Comments for CVE-2026-46724

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-46724— Path Traversal in extension "Faceted Search" (ke_search)

Possible ATT&CK Techniques 2AI

Affected Version Matrix 3

I. Basic Information for CVE-2026-46724

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-46724

III. Intelligence Information for CVE-2026-46724

Same Patch Batch · TYPO3 · 2026-05-19 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-46724

Leave a comment