Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-uyeu-a3xr-fkh4
Vulnerability ID VCID-uyeu-a3xr-fkh4
Aliases CVE-2021-41114
GHSA-m2jh-fxw4-gphm
Summary Improper Input Validation TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax
System Score Found at
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2021-41114
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-m2jh-fxw4-gphm
cvssv3.1 4.8 https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41114.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41114.yaml
cvssv3.1 4.8 https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41114.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41114.yaml
cvssv3.1 4.8 https://github.com/TYPO3/typo3
generic_textual MODERATE https://github.com/TYPO3/typo3
cvssv3.1 4.8 https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4
cvssv3.1 4.8 https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
cvssv3.1_qr MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
generic_textual MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
cvssv3.1 4.8 https://nvd.nist.gov/vuln/detail/CVE-2014-3941
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-3941
cvssv3.1 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41114
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-41114
cvssv3.1 4.8 https://typo3.org/security/advisory/typo3-core-sa-2021-015
generic_textual MODERATE https://typo3.org/security/advisory/typo3-core-sa-2021-015
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-41114
https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41114.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41114.yaml
https://github.com/TYPO3/typo3
https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4
https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
https://typo3.org/security/advisory/typo3-core-sa-2021-015
CVE-2014-3941 https://nvd.nist.gov/vuln/detail/CVE-2014-3941
CVE-2021-41114 https://nvd.nist.gov/vuln/detail/CVE-2021-41114
GHSA-m2jh-fxw4-gphm https://github.com/advisories/GHSA-m2jh-fxw4-gphm
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-41114.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-41114.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/TYPO3/typo3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/TYPO3/typo3/commit/5cbff85506cebe343e5ae59228977547cf8e3cf4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3941
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41114
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://typo3.org/security/advisory/typo3-core-sa-2021-015
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.52246
EPSS Score 0.00289
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:48:54.017455+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-41114.yml 38.0.0