CVE-2026-4202: Broken Access Control in extension "Redirect Tab" (redirect_tab)

March 17, 2026 (updated March 18, 2026)

The extension fails to verify, if an authenticated user has permissions to access to redirects resulting in exposure of redirect records when editing a page.

References

github.com/advisories/GHSA-755r-r738-mjgp
github.com/ayacoo/redirect_tab
github.com/ayacoo/redirect_tab/commit/085f4cbf9848241510b5032d1b330889f6de6596
nvd.nist.gov/vuln/detail/CVE-2026-4202
typo3.org/security/advisory/typo3-ext-sa-2026-006

Code Behaviors & Features

Detect and mitigate CVE-2026-4202 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →