CVE-2026-11607: TYPO3 Form Logic Bypass

A logical flaw in validation requires a payload both to conform to a specific structure and to possess an invalid extension before throwing an error. This allows payloads with invalid structures to bypass the extension validation entirely. Ensure that format validation and file extension validation independently trigger errors if either constraint fails.
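The flaw described above, shown as an added example beside its corrected form. This is not TYPO3 code or the rule's own pattern; the function names, the file-name pattern and the allow-list are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical rules for illustration only.
const ALLOWED_EXTENSIONS = ['pdf', 'png', 'txt'];
const NAME_PATTERN = '/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/';

// Flawed: an error is raised only when the value is well-formed AND its
// extension is disallowed, so a malformed value is accepted unchecked.
function validateFlawed(string $name): void
{
    if (preg_match(NAME_PATTERN, $name, $m) === 1
        && !in_array(strtolower($m[1]), ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
}

// Corrected: each constraint triggers its own error.
function validateStrict(string $name): void
{
    if (preg_match(NAME_PATTERN, $name, $m) !== 1) {
        throw new InvalidArgumentException('malformed file name');
    }
    if (!in_array(strtolower($m[1]), ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
}

// Runs a validator and reports whether the value was accepted.
function outcome(callable $validator, string $name): string
{
    try {
        $validator($name);
        return 'accepted';
    } catch (InvalidArgumentException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed inputs: valid, well-formed with a disallowed extension,
// and malformed (the space fails the structure check).
foreach (['report.pdf', 'report.exe', 'quarterly report.exe'] as $name) {
    printf("%-22s flawed=%-32s strict=%s\n", $name,
        outcome('validateFlawed', $name), outcome('validateStrict', $name));
}
```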

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | PHP | β
greprules fetch cve-2026-11607-typo3-form-logic-bypass --engine opengrep
