[MEDIUM] TYPO3-CORE-SA-2026-015: Broken Access Control in Backend API

PKSA-gr4f-6g49-cg8v CVE-2026-47352 GHSA-2j54-93q2-3hjq

Affected package: typo3/cms-core

Affected version: <10.4.57|>=11.0.0,<11.5.51|>=12.0.0,<12.4.46|>=13.0.0,<13.4.31|>=14.0.0,<14.3.3

Reported by:
GitHub, FriendsOfPHP/security-advisories