CVE-2026-48832

LOW

Spip < 4.4.15 - URL Redirection to Untrusted Site ('Open Redirect')

Title source: rule

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.

Core 3

Core References

CVSS v3 3.5

EPSS 0.0022

EPSS Percentile 12.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-601

Status published

Products (1)

SPIP/SPIP < 4.4.15

Published May 24, 2026

Tracked Since May 25, 2026