[HIGH] TYPO3-CORE-SA-2026-013: Broken Access Control in Media Module

PKSA-vbrn-fwpj-xmx5 CVE-2026-49742 GHSA-chm7-4vch-h8vr

Affected package: typo3/cms-core

Affected version: >=11.0.0,<11.5.51|>=12.0.0,<12.4.46|>=13.0.0,<13.4.31|>=14.0.0,<14.3.3

Reported by:
GitHub, FriendsOfPHP/security-advisories