{"cve":{"cve_id":"CVE-2026-46722","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00301,"epss_percentile":0.21592,"epss_as_of":"2026-06-23","description":"The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index.","published_at":"2026-05-19T09:23:02.618000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":5.9,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-611"],"nvd_references":["https://typo3.org/security/advisory/typo3-ext-sa-2026-011"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:30:38.837790Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"typo3","vendor_name":"TYPO3","product_slug":"extension-faceted-search","product_name":"Extension \"Faceted Search\"","version_start":"7.0.0","version_start_inclusive":true,"version_end":"7.0.1","version_end_inclusive":false,"cpe23_uri":"cve5:typo3:extension-faceted-search:7.0.0:7.0.1"},{"vendor_slug":"typo3","vendor_name":"TYPO3","product_slug":"extension-faceted-search","product_name":"Extension \"Faceted Search\"","version_start":"6.0.0","version_start_inclusive":true,"version_end":"6.6.1","version_end_inclusive":false,"cpe23_uri":"cve5:typo3:extension-faceted-search:6.0.0:6.6.1"},{"vendor_slug":"typo3","vendor_name":"TYPO3","product_slug":"extension-faceted-search","product_name":"Extension \"Faceted Search\"","version_start":"5.0.0","version_start_inclusive":true,"version_end":"5.6.2","version_end_inclusive":false,"cpe23_uri":"cve5:typo3:extension-faceted-search:5.0.0:5.6.2"},{"vendor_slug":"typo3","vendor_name":"TYPO3","product_slug":"extension-faceted-search","product_name":"Extension \"Faceted Search\"","version_start":"0","version_start_inclusive":true,"version_end":"4.6.7","version_end_inclusive":false,"cpe23_uri":"cve5:typo3:extension-faceted-search:0:4.6.7"}],"exploit_refs":[],"news":[],"references":[{"url":"https://typo3.org/security/advisory/typo3-ext-sa-2026-011","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-05-19T09:23:02.618000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:54:49.174395Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:54:49.174395Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:54:49.174395Z","label":"CVSS score revised","source":"cvelistv5"}]}