CVE-2026-8429

HIGH CVSS 8.8 View on NVD ↗

Description

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://blog.spip.net/
https://www.vulncheck.com/advisories/spip-prior-to-remote-code-execution-via-private-space

Published: May 12, 2026 19:16 UTC Modified: May 13, 2026 15:26 UTC