Dear TYPO3 users,
several vulnerabilities have been found in the following third party TYPO3
extensions:
"Mailqueue" (mailqueue)
"Redirect Tab" (redirect_tab)
"E-Mail MFA Provider" (mfa_email)
For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2026-005, TYPO3-EXT-SA-2026-006 and TYPO3-EXT-SA-2026-007
which were published today:
TYPO3-EXT-SA-2026-005: Insecure Deserialization in extension "Mailqueue"
(mailqueue)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2026-005
TYPO3-EXT-SA-2026-006: Broken Access Control in extension "Redirect Tab"
(redirect_tab)
[2]https://typo3.org/security/advisory/typo3-ext-sa-2026-006
TYPO3-EXT-SA-2026-007: Authentication Bypass in extension "E-Mail MFA
Provider" (mfa_email)
[3]TYPO3-EXT-SA-2026-007: Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email) - TYPO3 Association
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
[4]Security guidelines — TYPO3 Explained main documentation
Make sure you are subscribed to the TYPO3 Announce List:
[5]TYPO3-announce Info Page
See all TYPO3 security advisories:
[6]https://typo3.org/help/security-advisories
Best regards,
Torben Hansen
Member of the TYPO3 Security Team