CVE-2026-8429 | THREATINT

Description

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.

PUBLISHED Reserved 2026-05-12 | Published 2026-05-12 | Updated 2026-05-14 | Assigner VulnCheck

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

Any version before 4.4.14

affected

Credits

cezame finder

References

blog.spip.net/ vendor-advisory

www.vulncheck.com/...remote-code-execution-via-private-space third-party-advisory

cve.org (CVE-2026-8429)

nvd.nist.gov (CVE-2026-8429)

Download JSON