CVE-2026-46725— Remote Code Execution in extension "Content Element Selector" (ceselector)
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 4
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TYPO3 | Extension "Content Element Selector" | 6.0.0< 6.0.1 | affected |
5.0.0< 5.0.1 | affected | ||
4.0.0< 4.0.2 | affected | ||
< 3.0.3 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-46725
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in extension "Content Element Selector" (ceselector)
Source: NVD (National Vulnerability Database)
Vulnerability Description
The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation requires the content element to be configured with "Persistent Mode: Static" in the plugin settings.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
TYPO3 Extension Content Element Selector 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TYPO3 Extension Content Element Selector是TYPO3开源的一个TYPO3内容元素选择扩展。 TYPO3 Extension Content Element Selector存在代码问题漏洞,该漏洞源于扩展直接将攻击者控制的cookie传递给PHP的unserialize()而未安全处理输入,可能导致远程未认证攻击者提供特制序列化有效载荷触发PHP对象注入,导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TYPO3 | Extension "Content Element Selector" | 6.0.0 ~ 6.0.1 | - |
II. Public POCs for CVE-2026-46725
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-46725
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-46725 (1)
Same Patch Batch · TYPO3 · 2026-05-19 · 8 CVEs total
| CVE-2026-46722 | XML External Entity Injection in extension "Faceted Search" (ke_search) | |
| CVE-2026-46721 | Broken Access Control in extension "Frontend User Registration" (sf_register) | |
| CVE-2026-46723 | Information Disclosure in extension "Faceted Search" (ke_search) | |
| CVE-2026-46724 | Path Traversal in extension "Faceted Search" (ke_search) | |
| CVE-2026-8726 | SQL Injection in extension "News system" (news) | |
| CVE-2026-8727 | Remote Code Execution in extension "Site Crawler" (crawler) | |
| CVE-2026-8827 | SQL Injection in extension "Address List" (tt_address) |
IV. Related Vulnerabilities
Same vendor: TYPO3
- CVE-2026-8827
SQL Injection in extension "Address List" (tt_address) - CVE-2026-46724
Path Traversal in extension "Faceted Search" (ke_search) - CVE-2026-46723
Information Disclosure in extension "Faceted Search" (ke_sea - CVE-2026-46722
XML External Entity Injection in extension "Faceted Search" - CVE-2026-8726
SQL Injection in extension "News system" (news)
Same weakness: CWE-502
- CVE-2026-41104
Microsoft Planetary Computer Pro Information Disclosure Vuln - CVE-2026-45659
Microsoft SharePoint Remote Code Execution Vulnerability - CVE-2026-9291
Insecure Deserialization in Amazon Braket SDK Job Results Pr - CVE-2026-8135
Concrete CMS 9.5.0 and below is vulnerable to RCE due to ins - CVE-2026-48207
Apache Fory: PyFory ReduceSerializer Incomplete Policy Enfor
V. Comments for CVE-2026-46725
No comments yet