This page aggregates publicly disclosed CVE and security risk information related to cps-it, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1323 | The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath']. | f4fb688c-4412-4426-b4b8-421ecf27b14a | 5.2 | 0.21% | 2026-03-17 | 2026-04-25 |