CVE-2026-8429
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SPIP | SPIP | 0 < 4.4.14 | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://blog.spip.net/
- https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-private-space
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.