PHP is a general-purpose scripting language that is especially suited for web development.

TYPO3 is a powerful and flexible open-source content management system, well-suited for enterprise use in websites and intranets. It is written in PHP and enables users to manage content through a rich backend interface, while delivering that content in a variety of templates and outputs. TYPO3 offers multilingual support, enterprise-level security, and a comprehensive set of features for developers including an API and extensive documentation.

Typo3

TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

CVE-2026-0859

CVE ID	Gravidade	Pontuação	Tecnologias	Nome do componente	Exploração do CISA KEV	Tem correção	Data de publicação
CVE-2026-23492	HIGH	8.8	PHP	pimcore/pimcore	Não	Sim	Jan 14, 2026
CVE-2026-23498	HIGH	7.2	PHP	shopware/core	Não	Sim	Jan 14, 2026
GHSA-595p-g7xc-c333	MEDIUM	6.9	PHP	algolia/algoliasearch-magento-2	Não	Sim	Jan 14, 2026
CVE-2022-50807	MEDIUM	6.9	PHP	concrete5/concrete5	Não	Não	Jan 13, 2026
CVE-2026-0859	MEDIUM	5.2	PHP	typo3/cms-core	Não	Sim	Jan 13, 2026

CVE-2026-0859:
PHP Análise e mitigação de vulnerabilidades

5.2

Relacionado PHP Vulnerabilidades:

Compare sua postura de segurança na nuvem

Recursos adicionais da Wiz

PEACH

Pronto para ver a Wiz em ação?

CVE-2026-0859: PHP Análise e mitigação de vulnerabilidades