CVE-2026-6553 - Vulnerability Details - OpenCVE

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Typo3	Typo3

No data.

No data.

No data.

References

Link	Providers
https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291
https://typo3.org/security/advisory/typo3-core-sa-2026-005

History

Tue, 21 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
Title		TYPO3 CMS Stores Cleartext Password in User Settings Module
First Time appeared		Typo3 Typo3 typo3
Weaknesses		CWE-312
CPEs		cpe:2.3:a:typo3:typo3::::::::
Vendors & Products		Typo3 Typo3 typo3
References		https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291 https://typo3.org/security/advisory/typo3-core-sa-2026-005
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: TYPO3

Published: 2026-04-21T10:04:02.525Z

Updated: 2026-04-21T10:08:27.342Z

Reserved: 2026-04-17T21:40:53.165Z

Link: CVE-2026-6553

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-21T10:16:31.220

Modified: 2026-04-21T10:16:31.220

Link: CVE-2026-6553

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6553", "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "state": "PUBLISHED", "assignerShortName": "TYPO3", "dateReserved": "2026-04-17T21:40:53.165Z", "datePublished": "2026-04-21T10:04:02.525Z", "dateUpdated": "2026-04-21T10:08:27.342Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "shortName": "TYPO3", "dateUpdated": "2026-04-21T10:08:27.342Z"}, "title": "TYPO3 CMS Stores Cleartext Password in User Settings Module", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-312", "description": "CWE-312 Cleartext storage of sensitive information", "type": "CWE"}]}], "affected": [{"vendor": "TYPO3", "product": "TYPO3 CMS", "collectionURL": "https://packagist.org", "packageName": "typo3/cms-backend", "repo": "https://github.com/TYPO3/typo3", "versions": [{"status": "affected", "version": "14.2.0", "lessThan": "14.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.2.0", "versionEndExcluding": "14.3.0"}]}]}], "descriptions": [{"lang": "en", "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the <code>uc</code> and <code>user_settings</code> fields of the <code>be_users</code> database table. This issue affects TYPO3 CMS version 14.2.0."}]}], "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005", "tags": ["vendor-advisory"]}, {"url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291", "name": "Git commit of main branch", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"}}], "credits": [{"lang": "en", "value": "Martin Clewing", "type": "reporter"}, {"lang": "en", "value": "Garvin Hicking", "type": "remediation developer"}, {"lang": "en", "value": "Stefan B\u00fcrk", "type": "remediation developer"}, {"lang": "en", "value": "Oliver Hader", "type": "remediation developer"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0."}], "id": "CVE-2026-6553", "lastModified": "2026-04-21T10:16:31.220", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "type": "Secondary"}]}, "published": "2026-04-21T10:16:31.220", "references": [{"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291"}, {"source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005"}], "sourceIdentifier": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "f4fb688c-4412-4426-b4b8-421ecf27b14a", "type": "Secondary"}]}